US charges two suspected hackers over ransomware attacks

The Biden administration has charged two suspected hackers, nationals of Russia and Ukraine, respectively, in connection with a wave of ransomware attacks that targeted US companies earlier this year.

The United States Justice Department announced the charges on Monday, saying it recovered $6.1m in ransom payments made to one of the suspects.

Yaroslav Vasinskyi, a 22-year-old Ukrainian, and 28-year-old Yevgeniy Polyanin, a Russian national, are accused of using the ransomware REvil to lock the computer systems of American companies and then demanding ransom payments to release them.

“Together with our partners, the Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack,” US Attorney General Merrick Garland told reporters as the charges were announced.

The two suspects were charged in separate indictments.

The US has accused Vasinskyi of helping to author the ransomware REvil, which focused on the Florida-based software company Kaseya in early July, affecting as many as 1,500 businesses worldwide.

REvil has also been linked to an attack against the world’s largest meat processor, JBS SA, earlier this year.

Vasinskyi was arrested in Poland last month at the request of the US, which has also asked for his extradition, the Justice Department said.

Meanwhile, Polyanin – who remains at large – is accused of conducting nearly 3,000 ransomware attacks that affected “numerous companies and entities across the United States, including law enforcement agencies and municipalities throughout the state of Texas”, said Garland.

Ransomware attacks have increased over the past year, targeting big and small businesses, as well as local governments and hospitals.

A cyberattack against the Colonial Pipeline in May disrupted fuel delivery in the southeastern US for several days. The US government said a month later that it had recovered most of the $4.4m ransom paid in cryptocurrency to the perpetrators of that attack.

President Joe Biden welcomed the charges against the suspects on Monday, saying that cybersecurity has been a “core priority” for his administration.

“We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” Biden said in a statement.

The US indictments coincided with the arrest of two other suspected ransomware operators with links to REvil by European law enforcement authorities in Romania.

Europol said the arrests were part of “joint international law enforcement efforts” to crack down on cybercriminals, but it did not release the names of the suspects. It added that three other suspects affiliated with REvil have been arrested since February.

Last month, the White House hosted a virtual, international summit on combating ransomware that was attended by more than 30 countries.

“We intend to cooperate with each other and with other international partners to enhance the exchange of information and provide requested assistance where able to combat ransomware activity leveraging infrastructure and financial institutions within our territories,” the participants said in a joint statement at the end of the event.