2021-11-09

The US Department of Justice indicted a Ukrainian citizen and a Russian in one of the worst ransomware attacks against US targets, court documents showed Monday.

The latest US actions follow a series of measures taken to combat an increase in ransomware that has affected several large companies, including an attack on the largest fuel pipeline in the United States that paralyzed fuel supplies for several days.

An indictment charged Ukrainian Yaroslav Vasinskyi, who was arrested in Poland last month, with breaking into Florida software provider Kaseya over the weekend of July 4.

From there, he and his accomplices simultaneously distributed REvil ransomware to up to 1,500 Kaseya customers, encrypting their data and forcing some to shut down for days, the indictment said.

Vasinskyi is accused of breaking into victim companies and installing encryption software developed by the core REvil group. REvil handled the ransom negotiations directly and split the proceeds with affiliates like Vasinskyi. This model allowed the notorious ransomware gang to extort cryptocurrency from numerous companies.

Kimberly Goody, director of financial crime analysis at security firm Mandiant, said targeting affiliates could be more effective than going after major gangs, because their skills are more prized than encryption software, which is ubiquitous. Some affiliates also work with multiple gangs.

The arrest was part of an ongoing major raid against key ransomware figures coordinated by the FBI, Europol, and national law enforcement organizations across Europe, with the help of private security companies.

REvil, also involved in an attack on the world’s leading meatpacker JBS SA, was penetrated by the joint operation, Reuters previously reported, and authorities recovered $6 million in ransom payments.

REvil announced it was shutting down last month, as did a rival gang involved in the Colonial Pipeline hack.

Vasinskyi and another alleged REvil agent, Russian national Yevgeniy Polyanin, were charged in the United States District Court for the Northern District of Texas with conspiracy to commit fraud and conspiracy to commit money laundering, among other crimes.

The Treasury Department said it had imposed penalties on the two for their role in ransomware incidents in the United States, and on a virtual currency exchange called Chatex for “facilitating financial transactions for ransomware actors.”

Latvian and Estonian government agencies were vital to the investigation, the Treasury said.

“International partnerships can disrupt bad actors,” former US civil defense attorney Chris Krebs said on Twitter.

Nice work here constantly increasing the pressure on ransomware operators. Evidence that international associations can disrupt bad actors. Improve defenses, make it difficult to transfer $ and #ImposeCosts. It won’t eradicate the r’ware, but it will limit the opportunities. https://t.co/8JymANjSAB

– Chris Krebs (@C_C_Krebs) November 8, 2021

Deputy Attorney General Lisa Monaco credited Kaseya for its help in the investigation. “We are here today because in its darkest hour, Kaseya made the right decision and they decided to work with the FBI … by doing so, we were able to identify and help many victims of this attack.”

The Treasury said that more than $200 million in ransom payments were paid in Bitcoin and Monero.

Vasinskyi, 22, was detained in Poland pending extradition proceedings brought by the United States, while Polyanin, 28, remains at large. Russia’s tolerance of major gangs targeting critical American industry has been a sore point in relations with the Biden administration.

President Joe Biden said Monday that his administration has taken “important steps to strengthen” America’s critical infrastructure against cyberattacks. “When I met with President Putin in June, I made it clear that the United States would take steps to hold cybercriminals accountable. That is what we have done today,” he said in a statement released by the White House.

Although the discussions continue, security experts and most US officials said they had not seen an overall decline in ransomware attacks. The encryption software used for such attacks is freely available.

Reuters was unable to contact legal representatives for the two accused men on Monday, and no attorney for them was listed in the court documents.

The indictment says the Ukrainian hacker and other conspirators began deploying hacking software around April 2019 and regularly updated and refined it. It says he also laundered money obtained through the extortion scheme.

Europol said on Monday that Romanian authorities arrested two other people suspected of attacks using REvil ransomware on 4 November. South Korean officials previously arrested three more people associated with REvil and two related strains of ransomware, Europol added.

Twelve suspects believed to have mounted ransomware attacks against companies or infrastructure in 71 countries were “targets” of raids in Ukraine and Switzerland, Europol said on Friday.

(REUTERS)