Sun Sentinel Palm Beach Edition
US charges pair of suspected REvil hackers with ransomware attacks
WASHINGTON — Two suspected hackers have been charged in the U.S. in connection with a wave of ransomware attacks, including one that led to the temporary shutdown of the world’s largest meat processor and another that snarled businesses around the globe on the Fourth of July weekend, officials said Monday.
Attorney General Merrick Garland and other top officials announced charges against Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin, alleging them to be part of the REvil ransomware gang. Officials said Vasinskyi was recently arrested in Poland and that the U.S. government had recovered $6.1 million in ill-gotten funds from Polyanin.
“The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack,” Garland said.
The Treasury Department also announced sanctions against the pair as well in what it said was a virtual currency exchange, Chatex, which the department said was used by ransomware gangs.
REvil, also known as Sodinokibi, has been linked to ransomware targeting the world’s largest meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world through a breach of a Florida-based software company called Kaseya.
European authorities also announced they had arrested two other ransomware suspects with links to REvil in Romania. They are among seven hackers suspected to have links to ransomware attacks that have targeted thousands of victims and have been arrested since last February as part of a global cybercrime crackdown.
Europol said two suspected hackers believed to be linked to the ransomware gang known as REvil were arrested last week for involvement in attacks that yielded about $580,000 in payments. Authorities in Kuwait arrested another accused hacker last week, and South Korean authorities have arrested three since last February. A seventh was arrested last month in Europe. The arrests were part of an investigation called GoldDust that involved the U.S. and 16 other countries.
The DOJ in June seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily halt operations, creating fuel shortages in parts of the country.