US DOJ Charges Ukrainian National with Ransomware Attack on Kaseya

The United States Department of Justice (DOJ) announced today that it has seized approximately $6.1 million related to alleged ransomware extortionists. The department also brought charges against two foreign nationals for their involvement in ransomware attacks against businesses and government entities in the US.

The DOJ charged Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims. The charges include an attack by Vasinskyi on Kaseya, a multi-national IT company, in July 2021. The department also charged Yevgeniy Polyanin, a Russian national, with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses in Texas.

According to the indictments, the two charged individuals accessed the internal computer networks of victims and deployed ransomware to steal sensitive data. The Dallas and Jackson Field Offices of the FBI are currently leading the investigation.

“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

Cryptocurrency Funds

According to the details shared by the DOJ, Polyanin was involved in money laundering, including the illegal transfer of funds through cryptocurrency assets. If convicted, Polyanin and Vasinskyi will face severe punishments.

“Through the deployment of Sodinokibi/REvil ransomware, the defendants allegedly left electronic notes in the form of a text file on the victims’ computers. The notes included a web address leading to an open-source privacy network known as Tor, as well as the link to a publicly accessible website address the victims could visit to recover their files. Upon visiting either website, victims were given a ransom demand and provided a virtual currency address to use to pay the ransom. If a victim paid the ransom amount, the defendants provided the decryption key, and the victims then were able to access their files,” the official announcement states.
