In early July, heading into the holiday weekend, a ransomware attack against the IT management firm Kaseya incapacitated hundreds of businesses, their data encrypted by the notorious REvil ransomware group. Now, US authorities have announced a development as unprecedented as the incident itself: The alleged perpetrator, a Ukrainian national, was arrested in October and is currently awaiting extradition from Poland.

Ransomware gangs have operated with relative impunity over the last few years, in part because so many of them are based in Russia and the Kremlin has steadfastly turned a blind eye. Monday’s Department of Justice announcement, though, shows that the hybrid approach law enforcement has landed on can work. The arrest and pending extradition of 22-year-old Yaroslav Vasinskyi shows that officials are capable of apprehending key players when they slip up. And another major announcement, the seizure of $6.1 million in alleged ransomware payments received by Russian national Yevgeniy Polyanin, shows that authorities can disrupt their targets even when they can’t take them into custody.

“Vasinskyi’s arrest demonstrates how quickly we will act alongside our international partners to identify, locate, and apprehend alleged cybercriminals no matter where they are located,” Attorney General Merrick Garland said at a press conference on Monday. “Ransomware attacks are fueled by criminal profits; that is why we are not just pursuing individuals responsible for those attacks. We are also committed to capturing their illicit profits and returning them whenever we can to the victims from whom they were extorted.”

The indictments against Vasinskyi and Polyanin don’t go into great detail. Vasinskyi allegedly became involved with REvil most recently in December 2019, when he responded to an advertisement on a Russian hacker forum seeking ransomware affiliates. The people who write ransomware code often make what are essentially franchise deals for their hacking tools in exchange for a cut of the proceeds—the McDonald’s model for cybercrime. Vasinskyi is accused of carrying out the attack on Kaseya, which in turn spread to a number of the company’s customers through software updates. Ultimately, the attack impacted as many as 1,500 businesses. 

Polyanin, who is 28 years old, is also accused of deploying REvil ransomware against multiple victims. The indictment alleges that he was responsible, at least in part, for a ransomware spree that targeted a large number of local Texas government agencies in August 2019. Polyanin, who lives in Russia, is still at large but is thought to have links to 3,000 ransomware attacks that have collectively attempted to extort at least $13 million from victims.

“This is great news all the way around,” says Allan Liska, an analyst for the security firm Recorded Future. “It reminds ransomware actors that they aren’t safe, even in Russia. ‘If we can’t arrest you, we’ll take your money.’ Even ransomware actors have to use services outside of Russia sometimes, and that’s where law enforcement has power.”

Combined with recently announced sanctions from the Treasury Department and a reward from the State Department for information about the notorious DarkSide ransomware actors, the Justice Department’s action on Monday reflects the Biden administration’s “whole of government” ransomware mantra.

Source: The Biggest Ransomware Bust Yet Might Actually Make an Impact
