The United States Department of Justice (DOJ) has charged a Ukrainian citizen and a Russian in connection with one of the ransomware attacks against US targets, according to court filings made public on Monday, Nov. 8.
The announcement of criminal charges came soon after European law enforcement authorities revealed on Monday the results of a lengthy, seventeen-country operation. Seven suspected hackers connected to ransomware attacks linked to REvil and another ransomware gang have been arrested since February this year, including two in the past week by Romanian officials.
The latest American actions follow a series of measures taken to fight an increase in ransomware that has struck several large firms, including an attack on Colonial Pipeline, the largest fuel pipeline in the US, that halted delivery of fuel for many days.
Yaroslav Vasinskyi, a 22-year-old Ukrainian, was arrested in October after moving to Poland at the request of the American government, according to the DOJ, which also announced the recovery of 6.1M dollars in ill-gotten funds from a Russian resident who was separately charged and remains sought by the Federal Bureau of Investigation.
We’re offering rewards totaling $15M for info leading to identification, arrest, and/or conviction of Sodinokibi ransomware key leaders or individuals participating in Sodinokibi incidents. We’ll partner with nations willing to bring justice for victims. https://t.co/LJkpDSas9p
— Ned Price (@StateDeptSpox) November 8, 2021
According to Attorney General Merrick Garland, both ransomware attackers are suspected of being affiliated with REvil, whose attacks have compromised thousands of PCs globally and yielded at least 0.2 billion dollars in pay-offs. Victims have included JBS S.A., a Brazilian firm that is the largest meat processing firm in the world, and the US IT firm Kaseya, which was hit over a holiday weekend in July in an attack that the firm said affected 800 to 1500 businesses that relied on Kaseya’s software.
Crypto Exchange Chatex Facilitated Ransom Transactions
Vasinskyi used different names online to avoid detection, and is accused of being a long-time partner of the REvil ransomware gang and of carrying out around 2500 operations against companies worldwide.
Most notably, Vasinskyi, whose pay-off demands are said to have come to 767M dollars, is accused of being involved in the most prominent attack, the one on Kaseya, which carried a pay-off demand of 70M dollars.
None of the arrested hackers was identified by name, but Europol stated that two alleged hackers believed to be associated with REvil were arrested in the past week in connection with attacks that produced nearly 0.85M dollars in ransom pay-offs. Last week, Kuwaiti authorities arrested one more accused ransomware attacker, and authorities in South Korea arrested three in February. A seventh was arrested in October in Europe.
Garland said that the US Department of Justice is sparing no resource to identify and bring to justice anyone, anywhere, who targets America with a ransomware operation.
Moreover, it isn’t only the hackers the American administration is going after: the United States Department of the Treasury also announced sanctions on Nov. 8 against the crypto exchange Chatex for facilitating ransom transactions.
The arrests were part of a law enforcement investigation called GoldDust that involved America and sixteen other countries.
In June, the US Department of Justice seized 2.3M dollars in digital currency from a payment made by the largest US fuel pipeline following a malware attack that caused the firm to briefly stop operations, creating fuel shortages in various parts of the United States.