U.S. Announces Arrest of REvil Ransomware Hacker, Seeks Extradition

U.S. Announces Arrest of REvil Ransomware Hacker, Seeks Extradition
Deputy US Attorney General Lisa Monaco. (Photo: JONATHAN ERNST / POOL / AFP, Getty Images)

As a global crackdown on ransomware operators continues, the Justice Department announced Monday the arrest of a hacker with alleged ties to the REvil group, as well as the seizure of some $US6.1 (A$8.22) million in ransom payments.

During a press conference, Justice officials announced details of the arrest of Yaroslav Vasinskyi, a 22-year-old Ukrainian national, who is alleged to be connected to REvil and was recently taken into custody as the result of an international law enforcement operation.

REvil, which emerged in 2019, has been responsible for a number of attacks on prominent U.S. businesses and entities. According to court documents unsealed Monday, Vasinskyi helped carry out a large attack on global IT provider Kaseya this past July — the likes of which affected hundreds of businesses throughout the world.

Vasinskyi recently travelled from Ukraine and entered Poland, where he was arrested, officials said Monday. American officials have now requested that he be extradited to the U.S. and a federal indictment connected to Vasinskyi was also unsealed on Monday.

Justice officials also announced charges against Yevgeniy Polyanin, a 28-year-old Russian national who is accused of “conducting Sodinokibi/REvil ransomware attacks against multiple victims,” including a prominent attack in Texas in 2019 that saw 22 different towns and cities hit simultaneously.

The State Department also recently announced a $US15 (A$20.22) million reward for anyone who can provide information leading to the arrest of additional members of the REvil gang.

Merrick Garland, the U.S. Attorney General, spoke during Monday’s press conference, noting that ransomware was a threat to a multitude of U.S. interests.

“These attacks have targeted our critical infrastructure, law enforcement agencies, hospitals, schools, municipalities, and businesses of all sizes,” said Garland. “Together, with our partners, the Justice Department is sparing no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”

Garland described Vasinskyi as “an alleged perpetrator of a significant, wide-reaching” attack.

It’s unclear if Vasinskyi was fleeing to Poland when he was arrested. When queried on the issue at Monday’s press conference, FBI Director Christopher Wray said merely: “People travel for lots of reasons,” adding “But boy, are we glad that he did.”

The Kaseya attack, which occurred over the 4th of July weekend, was one of the largest of its kind in recent memory. REvil’s malware was used to infect Kaseya’s software, which subsequently infected the company’s customer base. A total of some 1,500 businesses were ultimately affected by the attack.

“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Lisa A. Monaco at Monday’s press conference. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back.”

This is a breaking news story. It will be updated when more information becomes available.