A 22-year-old Ukrainian arrested in Poland has been charged in the United States in a global operation against ransomware attacks, including the high-profile hack of computer software company Kaseya in July, officials said Monday.
Yaroslav Vasinskyi, who was arrested in Poland on October 8, was the most important of several people whose arrests were announced Monday by US and European authorities.
The arrests were linked to the Russia-based hacker group REvil, also known as Sodinokibi, and the GandCrab ransomware group.
Interpol said the four-year operation dubbed “Quicksand” or “GoldDust” was carried out by 19 law enforcement agencies in 17 countries.
It said those arrested “are believed to have perpetrated tens of thousands of ransomware infections and demanded over 200 million euros ($230 million) in ransom.”
Vasinskyi’s fraud and money laundering indictment was announced by the US Department of Justice, which also announced the seizure of $6.1 million in funds from alleged ransom payments made to Yevgyeniy Polyanin, a Russian national.
Polyanin, 28, is accused of carrying out REvil / Sodinokibi ransomware attacks against businesses and government entities in Texas in August 2019.
Polyanin, who was indicted in Texas on conspiracy to commit fraud and money laundering, is believed to be in Russia, possibly in Barnaul, according to the FBI.
EU police agency Europol said that in addition to Vasinskyi, two people were arrested in Romania, one in Kuwait and three in South Korea.
US Attorney General Merrick Garland said the US is seeking Vasinskyi’s extradition from Poland.
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy and to our national security,” Garland told reporters.
“Our message today is clear. The United States, along with our allies, will do everything in their power to identify the perpetrators of ransomware attacks, bring them to justice and recover the funds they have stolen from their victims.”
– ‘Fundamental priority’ –
Ransomware is an increasingly lucrative form of digital hostage-taking in which hackers encrypt victims’ data and then demand money for restored access.
According to the US indictments, Vasinskyi and Polyanin deployed the REvil / Sodinokibi ransomware to encrypt data on the computers of the victimized companies.
Vasinskyi is believed to be responsible for the July ransomware attack on Kaseya, a company that provides network and infrastructure services to thousands of small businesses around the world.
The REvil / Sodinokibi malware encrypted data on the computers of many Kaseya software users.
The victims were asked to pay a ransom in virtual currency. If they paid the ransom, they received a decryption key and could access their files.
If they refused, hackers threatened to publicly disclose the stolen data, sell it to third parties and continue to deny access.
Vasinskyi and Polyanin, if found guilty of fraud and other charges, could face more than 100 years in prison.
President Joe Biden praised the operation and said cybersecurity was a “top priority” for his administration.
“When I met President (Vladimir) Putin in June, I made it clear that the United States would take action to hold cybercriminals accountable,” Biden said in a statement. “That’s what we did today.”
Meanwhile, the State Department has said it is offering a reward of up to $10 million for any information that identifies or locates the leaders of the organized criminal group REvil / Sodinokibi.
And the US Treasury Department has announced that it is taking action against Chatex, a virtual currency exchange accused of laundering ransomware proceeds.
The department said ransomware payments in the United States reached $590 million in the first half of 2021, up from a total of $416 million in 2020.