The Justice Department on Monday announced a series of measures aimed at cracking down on one of the world’s largest ransomware criminal groups, arresting a perpetrator and seizing a portion of ransom payments the group had obtained from victims.
The Justice Department and the FBI said they had arrested Yaroslav Vasinskyi, also known online as Rabotnik, who is accused of being one of the men who authored the REvil ransomware that in July targeted a global software company called Kaseya and affected about 175,000 computers worldwide.
The attack also netted a ransom of as much as $200 million, Attorney General Merrick Garland said.
“As a result of the Kaseya attack, businesses that relied on Kaseya's services across the United States and around the world were impacted,” Garland said.
Miami-based Kaseya provides information technology services.
In August, the FBI issued a sealed indictment against Vasinskyi for perpetrating the attack, which is suspected to have been organized by the REvil group based in Russia. The group also goes by the name Sodinokibi.
In October, when Vasinskyi attempted to cross into Poland from Ukraine he was arrested, Garland said. He is being held in Poland pending extradition to the United States.
Garland also announced that the Justice Department had seized $6.1 million of ransom payments that went to another REvil group perpetrator and Russian national, Yevgeniy Polyanin.
The indictment against Polyanin alleges that he carried out about 3,000 ransomware attacks affecting numerous U.S. companies, municipalities and government agencies and extorted as much as $13 million from victims, Garland said.
The Biden administration has made it a top priority to crack down on ransomware attacks that have crippled critical infrastructure operators, hospitals, schools, cities and municipalities across the United States and the world.
The Treasury Department also has mounted an effort to crack down on the use of cryptocurrency by criminals to demand ransom payments after deploying malware that locks up victims’ computers.
In addition to the attack on Kaseya, the REvil group also was behind an attack on JBS Foods, a global agriculture and meat processing company with offices in the United States, Australia, Canada, Mexico and Europe.
Separately, the State Department announced a $10 million bounty to anyone offering information about the leader of the Sodinokibi group. The department is offering another $5 million reward for information leading to the arrest of anyone involved in the Sodinokibi ransomware attack. The rewards are part of the department’s Transnational Organized Crime Rewards Program.