The U.S. Department of Justice on Monday announced that it had taken action against two individuals accused of using REvil ransomware to attack U.S. businesses and government agencies.
In a press release, the DOJ said it had charged a Ukrainian man with multiple ransomware attacks, including an attack in July of this year against the remote management software company Kaseya.
It had also seized $6 million in funds traceable to alleged ransomware payments received by a Russian man charged with deploying REvil attacks against several entities.
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said U.S. Attorney General Merrick Garland in a statement.
“Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims,” Garland continued.
WHY IT MATTERS
REvil ransomware has been triggering alarms for healthcare cybersecurity experts, even after the group appeared to vanish earlier this year. In June, a hospital attack attributed to the group potentially exposed the information of 1.3 million people.
The DOJ indictments on Monday concern two hackers accused of using the ransomware to target U.S. organizations: a 22-year-old Ukrainian named Yaroslav Vasinskyi and a 28-year-old Russian named Yevgeniy Polyanin.
The agency has accused Vasinskyi of deploying malicious REvil code throughout a Kaseya product, eventually establishing endpoints on Kaseya customer networks. In turn, ransomware was executed on those computers.
He is suspected of attacking roughly 2,500 targets, and collecting $2.3 million in ransom, according to CNBC.
Vasinskyi, who was arrested in Poland in October, faces 115 years in prison. The U.S. has asked for him to be extradited.
Polyanin, meanwhile, is believed to still be abroad, said the DOJ. He faces 145 years in prison.
Meanwhile, Romanian authorities also announced Monday that they had arrested two individuals suspected of involvement in 5,000 REvil ransomware infections.
This was in addition to Vasinskyi and two other REvil affiliates arrested since February 2021.
“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI Director Christopher Wray in a statement.
“The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil,” he added.
“Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be,” said Wray.
THE LARGER TREND
President Joe Biden’s administration has taken a no-nonsense approach to cyberattacks. This summer, U.S. Secretary of Commerce Gina Raimondo implied that military action might be on the table when it comes to a ransomware response.
The Cybersecurity and Infrastructure Security Agency this past week also ordered federal agencies to patch known flaws carrying “significant risk” to the federal enterprise – many within the next few weeks.
ON THE RECORD
“These two defendants deployed some of the internet’s most virulent code, authored by REvil, to hijack victim computers,” said Acting U.S. Attorney Chad E. Meacham for the Northern District of Texas, in a statement concerning Vasinskyi and Polyanin.
“In a matter of months, the Justice Department identified the perpetrators, effected an arrest, and seized a significant sum of money. The Department will delve into the darkest corners of the internet and the furthest reaches of the globe to track down cyber criminals,” he said.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Healthcare IT News is a HIMSS Media publication.