WASHINGTON (NWN) – A suspected Ukrainian hacker has been arrested and charged in the United States in connection with costly ransomware attacks, including one that shocked businesses around the world over the weekend of July, US officials said on Monday.
Yaroslav Wasinski was arrested last month after a trip to Poland, according to the Justice Department, which also announced the recovery of $6.1 million in wrongfully received money from a Russian national who was separately charged and is sought by the FBI.
Attorney General Merrick Garland said both men are accused of being linked to the Russia-based REvil ransomware gang, whose attacks have compromised thousands of computers around the world and received at least $200 million in ransom payments. Victims include the world’s largest meat processor, JBS SA, and a technology company called Kaseya, which was hit in a holiday weekend attack. That company said between 800 and 1,500 businesses dependent on its software were affected.
The coordination of multiple agencies in the Biden administration is perhaps the most high-profile response ever to a spate of ransomware attacks that officials say threaten national security and the economy. Deputy Attorney General Lisa Monaco foreshadowed Monday’s announcement in an interview with The Associated Press last week, saying that “in the coming days and weeks, you’re going to see more arrests” as well as more seizures of illegal ransomware proceeds.
Speaking at a news conference on Monday, she said, “We are using every tool at our disposal and taking advantage of every right to hunt down accountable cybercriminals wherever they want to hide.”
The indictment accuses 22-year-old Wasinski of deploying REvil ransomware, also known as Sodinokibi, against victims around the world, including the massive Kaseya attack. Yevgeny Polyanin, a Russian national, has been charged in a separate indictment, which accuses him of carrying out nearly 3,000 ransomware attacks on companies and other entities, including law enforcement agencies and local governments in the state of Texas.
Both indictments were filed in federal court in the Northern District of Texas, a state where REvil ransomware compromised the computer networks of some two dozen local government agencies in the summer of 2019.
The US is seeking Wasinski’s extradition from Poland to Texas. While it successfully recovered $6 million in ransomware payments from Polyanin, the FBI is seeking his arrest, and the State Department on Monday announced a $10 million reward for information on anyone found to be part of the REvil group, and for information leading to the capture of its leader.
Meanwhile, the Treasury Department announced sanctions against the pair as well as what it said was a virtual currency exchange, Chatex, used by a ransomware gang.
President Joe Biden praised the government’s actions, saying he is making good on his commitment to Russian leader Vladimir Putin that the US will hold cybercriminals accountable. He said the US is “bringing the full force of the federal government to disrupt malicious cyber activity and actors” and to “increase resilience at home”.
The criminal charges were announced hours after European law enforcement officials disclosed the results of a lengthy, 17-nation operation known as Golddust. As part of that operation, Europol said, a total of seven hackers linked to REvil and another ransomware family have been arrested since February, including two last week by Romanian authorities.
The Justice Department has tried a number of approaches to address a ransomware wave that it regards as a national security and economic threat. The arrests of foreign hackers are important to the Justice Department because many of them operate from the sanctuary of countries that do not extradite their own citizens to the US for prosecution.
“There are many reasons why people travel, and I can’t go into specific reasons why Mr. Wasinski traveled, but we’re glad he did,” FBI Director Christopher Wray said on Monday.
Still, the ransomware threat has been tough to curb. Monaco told the NWN last week that even after Biden’s admonitions to Putin last summer to rein in ransomware gangs, “we have not seen any physical change in the landscape.”
Garland declined to respond directly when asked if there was evidence that the Russian government was aware of REvil’s activities, but said, “We do expect and expect that any government where these ransomware actors are living, She will do everything she can to provide that person with us. Prosecutors.”
The $6.1 million seizure in this case builds on a similar success months earlier.
The Justice Department seized $2.3 million in cryptocurrency in June from payments made by Colonial Pipeline following a ransomware attack that caused the company to temporarily stop operations, leading to a fuel shortage in some parts of the country.
Suderman reported from Richmond, Virginia. Associated Press writer Jake Bleiberg in Dallas contributed to this report.
Follow Eric Tucker on Twitter http://www.twitter.com/etuckerAP.