
US Moves to Extradite Ukrainian for REvil Ransomware Attack on IT Provider Kaseya

The US is also offering a $10 million reward for info on the leaders of the REvil ransomware gang.

By Michael Kan
November 8, 2021

The US says it helped nab a Ukrainian man for his alleged role in the REvil ransomware attack on IT services provider Kaseya, which ensnared hundreds of companies this past summer.  

On Monday, the Justice Department announced that the suspect, Yaroslav Vasinsky, was arrested at the Polish border on an international warrant from the US. Federal officials are now seeking his extradition to the US to stand trial.

The Justice Department alleges Vasinsky and his co-conspirators authored the REvil ransomware strain and then spread it to companies, including Kaseya, on July 2. By compromising Kaseya, the hackers were able to deliver a ransomware payload to hundreds of the company’s enterprise customers, encrypting the affected computers. Victims were then told to pay millions in Bitcoin or risk losing their data forever. 

The Justice Department says it acted relatively quickly to identify the culprits behind the Kaseya attacks. On Aug. 11, federal investigators filed a sealed indictment against Vasinsky. On Oct. 8, Polish police then arrested Vasinsky while he was crossing the Polish-Ukrainian border. 

US officials touted the arrest on Monday as the White House has made fighting ransomware a national security priority. “Our message to ransomware criminals is clear: If you target victims here, we will target you,” said US Deputy Attorney General Lisa Monaco.

On the same day, the Justice Department announced it's also charging a 28-year-old Russian named Yevgeniy Polyanin for conducting attacks using the REvil ransomware strain. Federal officials also seized $6.1 million in cryptocurrency funds Polyanin allegedly received from his ransomware victims. 

However, Vasinsky and Polyanin may simply be “affiliates,” or customers who bought access to deploy the REvil ransomware strain. Cybersecurity firms suspect the main developers of REvil are based somewhere in Russia, a country that refuses to extradite criminal suspects to the US.

To fight back, the US has announced a $10 million reward for any information that could lead to the identification or location of the head hackers behind the REvil ransomware gang. The US Treasury Department is also sanctioning a cryptocurrency exchange named Chatex for allegedly facilitating ransomware payments to the attackers.

In addition, US officials stressed the importance of victim companies reporting a ransomware attack to the FBI as soon as possible after it occurs. Otherwise, it may be too late for federal investigators to respond.

"Failure to timely report also puts other potential victims in jeopardy," said US Attorney General Merrick Garland. "It deprives investigators information they need to forestall or mitigate other attacks. It is for this reason that we urge Congress to create a national standard for reporting significant cyber incidents, and to require the reported information be shared immediately with the Justice Department."
