Two men charged with deploying REvil ransomware attacks, targeting US government and businesses
Individuals face up to 145 years in prison if convicted
Two individuals have been charged with deploying REvil ransomware attacks against businesses and government departments in the US.
Ukrainian national Yaroslav Vasinskyi, 22, and Russian national Yevgeniy Polyanin, 28, were both charged with offences related to the REvil ransomware campaign, also known as ‘Sodinokibi’.
In a statement released yesterday (November 8) by the US Department of Justice (DoJ), prosecutors allege that “Vasinskyi and Polyanin accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies”.
Vasinskyi is accused of carrying out multiple cyber-attacks including the July 2021 attack against Kaseya, a multi-national information technology software company.
The DoJ also said it has seized $6.1 million of funds traceable to alleged ransom payments received by Polyanin, who is charged of conducting attacks on businesses and government entities in Texas “on or about August 16, 2019”.
Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering.
If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively, said the DoJ.
Both defendants were arrested during a joint operation between international agencies including; Romania’s National Police; Canada’s Royal Canadian Mounted Police; and Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice.
FBI director Christopher Wray said: “The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government, and especially our private sector partners.
“Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic wellbeing. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”
Vasinskyi is in custody in Poland awaiting extradition to the US, while Polyanin is “believed to be abroad”.