US indicts Ukrainian, Russian nationals over ransomware attacks
U.S. authorities have filed criminal charges against a Ukrainian national and a Russian national for their roles in high-profile ransomware attacks, as part of a sprawling global crackdown on digital extortion groups.
The US Department of Justice announced Monday that it has indicted 22-year-old Ukrainian Yaroslav Vasinskyi for allegedly carrying out one of the world’s largest supply chain ransomware attacks, the Kaseya hack, among others. The United States is seeking to extradite Vasinskyi, who was arrested in Poland after crossing the border from Ukraine, attorney general Merrick Garland said.
The sprawling July hack affected information technology management software provider Kaseya and approximately 1,500 of its customers. The attack forced the Swedish supermarket chain Coop to close almost all of its 800 stores.
The United States has also indicted Russian national Yevgeniy Polyanin, 28, for allegedly targeting U.S. government entities and private sector companies in about 3,000 attacks that grossed around $13 million, Garland said. The United States seized $6.1 million in ransom from its activities, he added, and it is believed to be overseas.
US authorities said the two were part of Sodinokibi / REvil, a prolific Russian-linked ransomware gang that the US Treasury said received more than $200 million in cryptocurrency ransoms from its victims.
These measures, which also involved authorities in Poland, Romania, Ukraine, France, Estonia, Latvia and Germany, represent the largest and most coordinated effort ever made by the United States to curb the recent wave of ransomware attacks, in which hackers steal a company’s data and demand a ransom.
Separately, Europol announced on Monday that law enforcement agencies in Romania had stopped two ransomware hackers associated with the Sodinokibi / REvil ransomware cartel.
Many Western security experts have said President Joe Biden’s administration should be tougher on Moscow in particular, given that the majority of ransomware criminals are said to be based in Russia or Russian-speaking countries, where they operate with impunity.
Biden warned Russian President Vladimir Putin at a June summit that 16 critical infrastructure areas, spanning energy, health and water, should be “off limits” by cyber or other means, and urged responsible countries to take action against criminals who carry out ransomware activities in their territory. However, attacks by these groups appear to have continued unabated.
When asked if Russia has tolerated or is aware of the illicit activity, Garland said: “We expect and hope that any government in which any of these ransomware players reside will do everything possible for us. provide that person for prosecution.”
The US State Department has said it is offering a reward of up to $10 million for any information leading to the identification or location of anyone in a senior position in the Sodinokibi / REvil group, and an additional $5 million for information leading to the arrest or conviction of anyone involved in a Sodinokibi / REvil ransomware incident.
US authorities are also increasingly monitoring the burgeoning crypto industry, fearing that anonymous digital assets could be used for money laundering.
The Treasury Department on Monday imposed sanctions on Chatex, a virtual bureau de change which it said had “facilitated transactions for several variants of ransomware,” as well as three groups which it said had provided “material support and assistance to Chatex”.
According to the Treasury, more than half of Chatex’s transactions were directly linked to “illicit or high-risk activities” such as paying in underground markets on the dark web and allowing ransomware groups to launder their extortion payments. It also said Chatex used services provided by Suex, a virtual currency exchange that was also sanctioned by the United States in September for similar allegations.
Additional reporting by Katrina Manson in Washington