April 20, 2024

The Justice Department has announced the arrest and indictment of an alleged member of the REvil hacking group, linked to ransomware attacks on IT firm Kaseya, an Apple supplier, and more. According to the department, Ukrainian national Yaroslav Vasinskyi is facing extradition to the US after Polish authorities detained him in October and after the US indicted him for cybercrimes in August, as revealed by a now-unsealed court document.

The arrest, along with the government seizing assets it says are linked to REvil’s operations, is another step in the fight against ransomware, which has been a growing issue for US-based companies.

The Justice Department also said that it has seized $6.1 million in assets from the FTX crypto trading exchange, allegedly linked to REvil ransomware. The money belonged to Russian national Yevgeniy Polyanin, who has also been indicted for allegedly working with REvil to attack corporate and government targets. Polyanin was also indicted in August, though CNN and the Justice Department report he hasn’t been caught yet.

The indictments describe REvil’s alleged process: breaking into computer networks, gaining control over them, and then stealing companies’ data and locking the rightful owners out by encrypting data and deleting any backups.

However, the companies would be able to regain access to the data if they paid a ransom; otherwise, their data could be sold or posted to the web. This happened to Apple supplier Quanta, whose documents detailing Apple’s new MacBooks were posted to REvil’s blog well before any official information was released.

The indictments don’t explicitly say what roles Vasinskyi and Polyanin allegedly played in the attacks, only accusing them of being involved and working with other team members to carry out attacks. The Department of Justice says that Vasinskyi and Polyanin could each face over 100 years in prison if convicted on all counts levied against them. Two other people involved with REvil were also arrested. 

The arrest and hunt for REvil operators is just part of the government’s work against the ransomware outfit: reports started surfacing in October that the FBI, Secret Service, and Cyber Command had taken REvil’s website offline using some of the group’s own tactics against it.
