U.S. charges Ukrainian national for Kaseya ransomware attack
The US Department of Justice has charged a Ukrainian national for his alleged role in a July 2 cyberattack on Kaseya that resulted in the REvil ransomware sample being deployed on some 1,500 of the company’s downstream customers.
Yaroslav Vasinskyi, 22, was arrested in Poland on Oct. 8 on a US arrest warrant. He is currently awaiting extradition to the US, where he faces additional charges related to ransomware attacks against numerous other companies. If convicted on all charges, Vasinskyi faces a maximum sentence of 115 years in prison.
In unsealing the indictment against Vasinskyi on Monday, the DoJ said it had also seized $6.1 million in ransom payments that allegedly were received by another REvil operator — Russian national Yevgeniy Polyanin, 28. The DoJ has charged Polyanin with carrying out ransomware attacks against businesses and government entities in Texas back in August 2019. Polyanin, who is currently still at large abroad, faces a maximum sentence of 145 years if convicted on all charges.
Vasinskyi is one of five individuals who have been arrested worldwide since February 2021 for allegedly deploying REvil (aka Sodinokibi) on systems belonging to organizations in multiple countries, including the US, Germany, and France. Two were arrested Nov. 4 in Romania, two were arrested in South Korea, and Vasinskyi was arrested in October in Poland. It’s not clear when the two REvil-related arrests in South Korea happened. These five are believed to have been responsible for deploying REvil on systems belonging to some 5,000 organizations.
In addition to the arrests related to REvil, international law enforcement authorities have arrested two other individuals for deploying Gandcrab, the predecessor to REvil.
Together, the seven suspects are believed responsible for ransomware attacks on some 7,000 victims worldwide that resulted in ransom demands totaling over $231 million.
The arrests are the result of a 17-country, Romania-led operation dubbed GoldDust that was originally put into motion back in 2018 to take out the operators of Gandcrab — one of the most prolific ransomware samples to date, with more than a million victims. In May 2021, law enforcement teams from France, Germany, Romania, and Europol expanded GoldDust with a joint investigation team focused on tracking down the operators of REvil.
To read the complete article, visit Dark Reading.