U.S. indicts 2 men behind major ransomware attacks
Updated November 8, 2021 at 4:03 PM ET
The Justice Department says authorities have indicted two men in connection with a wave of ransomware attacks that, among other targets, shut down a meat processing company and an internet software provider earlier this year.
Attorney General Merrick Garland says one of the men, Yaroslav Vasinskyi, 22, a Ukrainian, was arrested when he traveled to Poland. The second man was identified as Yevgeniy Polyanin, a 28-year-old Russian. Garland says the U.S. seized some $6.1 million from Polyanin.
Both men are said to be part of an organized crime group called REvil, which conducts ransomware attacks that encrypt the data of companies and demand payments to unblock them.
Polyanin is believed to be abroad, the department says.
Garland asserted that the "U.S. government will continue to aggressively pursue the entire ransom ware ecosystem and increase our nations resilience to cyber threats."
In a statement, President Biden said, "When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable. That's what we have done today."
The president added that while much work remains to be done, "we have taken important steps to harden our critical infrastructure against cyberattacks, hold accountable those that threaten our security, and work together with our allies and partners around the world to disrupt ransomware networks."
The Justice Department says that Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya, "which resulted in the encryption of data on computers of organizations around the world that used Kaseya software."
It says that Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison, respectively.
Earlier this year, Deputy Attorney General Lisa Monaco launched a task force to combat the large and growing problem of ransomware, which has targeted hospitals, 911 call centers, local law enforcement agencies and private businesses.
In an interview with NPR, Monaco said her team is moving swiftly to follow the money — and using multiple tools, not just arrests.
"We went after the cryptocurrency that was paid in ransom by the victims here, and we went and we traced it and we seized it, and now we'll be able to return that money to the victims," Monaco said. "We're using all of our authorities, and we're doing it at a scale and speed that we haven't done before."
The State Department, meanwhile, announced it is offering a $10 million reward for information leading to the identification or location of "any individual holding a key leadership position" in the REvil ransomware organized crime group, also known as Sodinokibi. It is offering a $5 million reward for information "leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident."
The Biden administration is pressing Congress to pass a new law that would create a national standard to report cyber incidents, including a requirement that the Justice Department be notified. Monaco said such a step is critical to help investigators track cyber criminals and prevent the next victim.
"It's essential that we get that information, that cooperation very rapidly from the victims so that we can work to stop the next attack," Monaco said.
Copyright 2021 NPR. To see more, visit https://www.npr.org.