U.S. Attorney General Merrick Garland, shown here testifying in Congress last month, said Monday, "The U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation's resilience to cyberthreats." Photo by Tasos Katopodis/UPI | License Photo
Nov. 8 (UPI) -- Law enforcement officials in Poland have arrested a 22-year-old Ukrainian citizen accused of targeting companies around the world with ransomware attacks that raked in millions of dollars.
Court documents unsealed Monday in the Northern District of Texas reveal that Yaroslav Vasinskyi, 22, was arrested last month on a request by the U.S. government when he tried to enter Poland from Ukraine. The United States is seeking Vasinskyi's extradition.
U.S. Attorney General Merrick Garland, speaking at a news conference Monday, announced the Aug. 11 indictment of Vasinkyi, as well as the unsealing of an indictment against Russian national Yevgeniy Polyanin.
Polyanin, 28, is accused of executing 3,000 ransomware attacks that extorted $13 million from victims. In a news release, the U.S. Department of Justice also announced the seizure of $6.1 million in funds traceable to alleged ransom payments received by Polyanin, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019.
As for Vasinkyi, Garland said he was responsible for the July 4 attack on information technology company Kesaya and its customers. Vasinsyi is believed to be part of the group called REvil.
On July 5, the company said, "Kaseya's VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams' fast response, we believe that this has been localized to a very small number of on-premises customers only. "
According to Garland, Varinskyi authored the ransomware software, installed it on Kesaya's network, demanded ransom and then laundered the money.
Those attacks resulted in $200 million in ransom paid to him by the victims, Garland said.
"Vasinksy's arrest demonstrates how quickly we will act alongside our international partners to identify, locate and apprehend alleged cybercriminals no matter where they are located," Garland said.
He added that part of the goal of the Justice Department is to return the money that was laundered to the victims.
"The U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation's resilience to cyberthreats," he said. "We all must play a role in improving our cyberdefenses. This includes the American business community."
Garland also urged all victims of ransomware attacks to avoid delay in informing law enforcement.
"Failure to timely report puts other potential victims into jeopardy," he said.
Acting U.S. Attorney Chad E. Meacham, of the Northern District of Texas, said: "Ransomware can cripple a business in a matter of minutes. These two defendants deployed some of the Internet's most virulent code, authored by REvil, to hijack victim computers. In a matter of months, the Justice Department identified the perpetrators, effected an arrest and seized a significant sum of money. The department will delve into the darkest corners of the Internet and the furthest reaches of the globe to track down cyber criminals."
Meanwhile, in Europe, Europol announced Monday the arrests of seven suspected of working as "affiliates" for a REvil and GandCrab Ransomware-as-a-Service operations.
Ransomware attacks in recent years have held many businesses' operations and data hostage. In May, a ransomware attack on the Colonial Pipeline Co. forced it to disable the pipeline for days. That resulted in temporary supply shortages and panic buying.