U.S. Seizes $6M From Ransomware Hacker Suspected of Attacking Thousands of Companies

Over $6 million in ransom payments were seized from a suspected hacker by U.S. law enforcement officials, and on Monday, the Justice Department announced charges against two individuals affiliated with the ransomware group REvil.

Ukrainian national Yaroslav Vasinskyi, 22, is facing charges for allegedly conducting a REvil ransomware attack against the Florida software firm Kaseya in July, the Justice Department said. In that attack, Vasinskyi allegedly infected up to 1,500 businesses around the world and at least 200 in the U.S.

Additionally, the Justice Department announced authorities seized $6.1 million in ransom payments from 28-year-old Russian national Yevgeniy Polyanin. Polyanin, who is also allegedly a REvil operator, is accused of conducting a total of over 3,000 ransomware attacks and collecting at least $13 million in ransom payments. Both Vasinskyi and Polyanin are now facing charges that include conspiring to commit fraud, extortion, and money laundering.

Vasinskyi was arrested last month in Poland and is being held there while waiting for U.S. extradition proceedings, while Polyanin remains at large, CNN first reported on Monday.

The latest law enforcement crackdown comes after REvil operatives have been accused of committing hacks that have cost U.S. companies millions of dollars. In May, the group, which is based in Russia, was blamed by the FBI for a ransomware attack against JBS, which accounts for nearly a fifth of American beef production.

That incident forced the company to pay hackers $11 million to unlock their system and caused JBS to temporarily shut down production in Australia, Canada and the U.S. REvil operatives were also associated with a May cyberattack on the U.S. Colonial Pipeline that led to widespread gas shortages along the East Coast.

Earlier this year, REvil also reportedly demanded $50 million from Apple after hacking one of its suppliers, according to CNN.

In tandem with the U.S. announcement, authorities in Romania also announced Monday that two alleged REvil hackers were arrested last week after reportedly causing 5,000 infections and getting 500,000 euros in ransom payments, according to European law enforcement agency Europol.

In announcing the new charges on Monday, FBI Director Christopher Wray said of REvil: "This ransomware strain has wreaked havoc across the globe."

Late last month, REvil was shut down after a multinational cyber operation and the U.S. military's hacking unit compromised the group's computer infrastructure using a hacking technique often used by the group itself.

On Monday, Attorney General Merrick Garland said U.S. law enforcement would remain vigilant in pursuing cybersecurity threats around the world.

"The U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation's resilience to cyberthreats," Garland said.

Update 11/8/21 1:45 ET - this story has been updated with additional information from the Justice Department.

The U.S. has reportedly seized $6 million in ransom payments from a suspected hacker. In this photo illustration, a hacker with an Anonymous mask on his face and a hood on his head uses a computer on December 27, 2019 in Paris. Chesnot/Getty Images