$6 Million in Crypto Seized from REvil Ransomware Group
The US Department of Justice has announced charges against a REvil ransomware affiliate responsible for the July attack against the Kaseya MSP platform, which had ripple effects as far as Australia, and also seized more than US$6 million from another REvil partner.
The alleged ringleader is 22-year-old Ukrainian national Yaroslav Vasinskyi, arrested for cybercriminal activity last month at the behest of the US when he tried to enter Poland. Vasinskyi is one of seven REvil ransomware affiliates apprehended so far in a concerted international effort to combat a growing ransomware threat.
According to the indictment, Vasinskyi is a long-time affiliate of the REvil ransomware operation, having been involved since March 2019 and deploying an estimated 2,500 attacks against businesses worldwide.
Ransom Demands Top $767 Million
An FBI investigation revealed that Vasinskyi’s ransom demands totalled US$767 million but victims paid only $2.3 million. He is believed to have deployed ransomware on the networks of at least nine US companies. The REvil ransomware operation as a whole has taken in more than US$200 million since it began its activities and has encrypted at least 175,000 computers.
Of all the companies attacked, Kaseya’s ransom was by far the biggest, with US$70 million demanded to decrypt all its systems.
The US has requested Vasinskyi’s extradition and has unsealed the charges against him. Law enforcement has also impounded US$6.1 million from another REvil ransomware affiliate, Russian national Yevgeniy Polyanin, who is still at large. Polyanin is believed to be responsible for about 3,000 ransomware attacks against various organisations, including multiple US government entities and private-sector companies, extorting around US$13 million in total.
The joint charges against Polyanin and Vasinskyi are:
- conspiracy to commit fraud and related activity in connection with computers (one count for each defendant);
- intentional damage to a protected computer (nine counts for Vasinskyi, 12 for Polyanin); and
- conspiracy to commit money laundering (one count for each defendant).
Seven REvil Affiliates Apprehended in Five Months
A total of seven affiliates of the REvil ransomware operation have been apprehended over five months with assistance from various jurisdictions, including police from Romania, Canada, France, the Netherlands, Poland, and the governments of Norway and Australia.
"The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other REvil actors in Romania are the culmination of close collaboration with our international and private sector partners."
Christopher Wray, FBI director
In July, several retail operations in Australia were affected by REvil’s attack on Kaseya. Consequently, last month the Australian government outlined plans to tighten the screws on ransomware attacks on local businesses and individuals.