A Ukrainian citizen, believed to be the architect behind the Kaseya hack in July, has been charged by the United States Department of Justice (DOJ) with leading a group that infected computers worldwide with ransomware. The DOJ also seized $6.1 million, believed to be the proceeds of ransoms paid by companies that were infected with the malware.
Details about the charges were made public during a news conference on Monday, where US Attorney General Merrick Garland confirmed that Yaroslav Vasinskyi was arrested last month in Poland and is currently being held until extradition proceedings are completed.
According to court documents, Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya. In the alleged attack, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to “endpoints” on Kaseya customer networks. After gaining remote access to the Kaseya endpoints, the ransomware was executed, and data on computers of organizations around the world that used Kaseya software was encrypted.
The US government has also seized more than $6.1 million in connection with a hacking campaign linked to another REvil affiliate, Russian national Yevgeniy Polyanin, who is accused of executing 3,000 ransomware assaults and extorting around $13 million from victims, according to authorities.
Polyanin and Vasinskyi are charged in separate indictments with conspiracy to commit fraud and other computer-related charges, as well as substantive counts of damage to protected computers and conspiracy to launder money. Each faces a maximum sentence of 115 years if convicted of all counts.
The State Department also recently announced a $15 million reward for anyone who can provide information leading to the arrest of additional members of the REvil gang.
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”
This case is part of the work of the Department of Justice’s Ransomware and Digital Extortion Task Force, which was formed to combat the ever-increasing number of ransomware and digital extortion attacks.