Today, the US Department of Justice announced charges against a REvil ransomware affiliate in connection with the July 2 attack on the Kaseya MSP platform, as well as the seizure of over $6 million from another REvil partner.
Yaroslav Vasinskyi, a 22-year-old Ukrainian citizen, was arrested on cybercrime charges on October 8 at the request of the US while attempting to enter Poland from his home country.
Profcomserv, Rabotnik New, Rabotnik, Yaraslav2468, Yarik45, and Affiliate 22 are some of Vasinskyi’s aliases. He is one of seven REvil ransomware associates arrested so far as part of worldwide operations to combat the ransomware threat.
While the news of Vasinskyi’s detention didn’t go unnoticed, the reason for his arrest remained unknown until his indictment and arrest warrant were announced on November 5.
The Department of Justice revealed the accusations against Vasinskyi during a news conference today, emphasizing his role in the Kaseya cyberattack, which affected over 1,500 businesses worldwide.
Vasinskyi, as per the indictment, has been a long-time affiliate of the REvil ransomware organization, having been a member of it since at least March 1, 2019, and has carried out around 2,500 operations against businesses throughout the world.
The probe revealed that Vasinskyi demanded $767 million in ransom in total; however, victims paid only $2.3 million. He is believed to have infected the networks of at least nine firms in the United States with ransomware.
The REvil ransomware operation as a whole, by contrast, has taken in more than $200 million in ransom payments since it began operating and has encrypted a minimum of 175,000 systems.
The Kaseya managed service provider (MSP) cyberattack was the most serious, with a ransom demand of $70 million to decrypt all the systems.
This event prompted the United States to launch a large-scale campaign against the ransomware menace in collaboration with law enforcement agencies worldwide. Vasinskyi’s extradition is currently being sought, and the allegations against him have been unsealed.
According to the Department of Justice, law enforcement recovered $6.1 million from yet another REvil ransomware associate, Russian national Yevgeniy Polyanin.
Polyanin (a.k.a. LK4D4, damn2Life, Damnating, Antunpitre, Noolleds, Affiliate 23) has carried out about 3,000 ransomware attacks against a variety of organizations, including many US government agencies and private-sector firms, extorting around $13 million from victims.
Polyanin allegedly accessed and encrypted the networks of 13 government institutions in Texas on August 16, 2019, according to the indictment.
The US Department of the Treasury has issued sanctions against Polyanin and Vasinskyi, blocking any property and interests in property of theirs that come within US jurisdiction, as part of a campaign to combat the ransomware threat.