U.S. charges two suspected ransomware hackers
Attorney General Merrick Garland on Monday unveiled charges against two suspected hackers in connection to attacks by the Russia-linked REvil ransomware group.
Driving the news: Yaroslav Vasinskyi, 22, was indicted by U.S. authorities in August in connection to the Kaseya ransomware attack by REvil in July, though the indictment was previously under seal, Garland said.
- Garland also announced that the Justice Department has seized about $6.1 million in ransomware payments received by another REvil operative, Yevgeniy Polyanin, 28, who is Russian.
Details: The charges against Vasinskyi include conspiring to "commit intentional damage to protected computers, and to extort in relation to that damage, causing intentional damage to protected computers and conspiring to commit money laundering."
- "To date, REvil ransomware has been deployed on approximately 175,000 computers worldwide, with at least $200 million paid in ransom," Garland said.
- On Oct. 8, Vasinskyi crossed the border into Poland and was arrested by Polish authorities at the U.S.'s request, and American officials have requested his extradition, Garland said.
Of note: Earlier Monday, Europol announced that Romanian authorities had arrested two unnamed REvil-affiliated people on Nov. 4, including a Ukrainian who is "suspected of perpetrating the Kaseya attack."
What they're saying: "Cybercrime is a serious threat to our country, to our personal safety, to the health of our economy, and to our national security," Garland said.
- "The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from the American people," he added.
The big picture: Ransomware and cybercrime have been a focus for the Biden administration. In June, the Justice Department announced that it would treat ransomware attack investigations with protocols similar to those it uses for terrorism cases.
- In May, the Russia-based cybercrime group DarkSide conducted a ransomware attack that shut down the Colonial Pipeline. In June, officials announced they had recovered $2.3 million worth of cryptocurrency paid as a ransom to the group.
- Meat supplier JBS paid roughly $11 million in ransom after it was the victim of a cyberattack.
- In late October, Microsoft warned that Russian-backed hackers behind the sprawling SolarWinds breach have targeted at least 140 tech companies.