Garland: $6 Million in Ransomware Payments Seized, Man Charged Over Major Cyberattack

Attorney General Merrick Garland (L) and FBI Director Christopher Wray hold a press conference in Washington on Nov. 8, 2021. Chip Somodevilla/Getty Images
Jack Phillips

The Department of Justice (DOJ) has charged a suspect from Ukraine and a Russian national over a July ransomware attack against a U.S. company and also seized some $6 million in ransom payments, according to Attorney General Merrick Garland and FBI Director Chris Wray.

Yaroslav Vasinskyi, a Ukrainian national arrested in Poland last month, will face federal charges for deploying ransomware known as REvil, which has been linked to hacks that have cost companies millions of dollars, the DOJ said in a court filing on Monday. Vasinskyi carried out a ransomware attack over the Fourth of July weekend on Florida-based software firm Kaseya that infected up to 1,500 businesses in the United States and around the world, according to the charges.

“This will not be the last time,” Garland said, adding that the United States will pursue other alleged ransomware actors.

Garland, speaking at a news conference, announced that another alleged ransomware attacker, Yevgeniy Polyanin, a Russian national, was also charged. Polyanin was also described as an REvil operative.

He added that Vasinskyi was charged just six weeks after the July attack and that “his arrest demonstrates how quickly we will act, alongside our international partners, to identify, locate and apprehend alleged cyber criminals no matter where they are.”

So far, REvil ransomware has been used in attacks against 175,000 computers around the world and about $200 million has been paid, said Garland, who has drawn controversy in recent weeks over a DOJ-issued memo targeting parents and school boards.

Vasinskyi and Polyanin were each charged with one count of conspiracy to commit fraud and related activity in connection with computers, nine counts of intentional damage to a protected computer, and one count of conspiracy to commit money laundering, according to the charging documents.

Vasinskyi, 22, was being held in Poland pending U.S. extradition proceedings, while Polyanin, 28, remained at large, according to Garland.

One of the most widespread ransomware attacks came with the corruption of a widely used software tool made by Kaseya. Many Kaseya customers were infected at once with REvil encryption. Some paid ransoms, though a master decryption key was eventually recovered by authorities and distributed weeks later.

Up to 1,500 businesses around the world have been affected by ransomware attacks centered on Kaseya, which provides software tools to IT outsourcing shops. Such companies typically handle back-office work for companies too small or modestly resourced to have their own tech departments.

Previously, the United States recovered about $4.4 million of the ransomware payment that pipeline operator Colonial Pipeline paid to the DarkSide ransomware group following the attack, which led to gas shortages across the East Coast.

Authorities in Romania, meanwhile, arrested two alleged REvil partners on Nov. 4. Another REvil affiliate was taken into custody in Kuwait on the same day, officials said.
Reuters contributed to this report.