US to Charge Suspects Over Kaseya Ransomware Attack

The US justice department is expected to announce it has charged a suspect over the damaging Kaseya ransomware attack in July, it has been reported.

CNN said Ukrainian national Yaroslav Vasinskyi and Russian national Yevgeniy Polyanin will face charges relating to the deployment of ransomware known as REvil in the incident, which affected up to 1500 organizations throughout the world. The charges include conspiracy to commit fraud, money laundering and others.

Vasinskyi was arrested in Poland last month, although Polyanin currently remains at large.

It is expected US officials will also reveal they seized at least $6m in ransomware payments received by Polyanin as part of their investigation into the incident.

REvil is believed to be responsible for numerous other high-profile ransomware attacks this year, including Colonial Pipeline, Apple and JBS. While the group was forced offline following the Kaseya attack, its ‘Happy Blog’ site re-emerged last month. However, it was quickly shut down again following operations by U.S. Cyber Command and a foreign government that targeted the criminals’ servers.

The news will be a great boost to the efforts of the Biden administration to disrupt the actions of ransomware gangs amid surging attacks. Last month, it was revealed the US Treasury has tracked $5.2bn worth of Bitcoin transactions likely to have been ransomware payments in the first half of 2021.

Commenting on the story, Bob Rudis, chief data scientist at Rapid7, said: “REvil has caused massive damage during their tenure as the "Amazon" of criminal ransomware as a service (RaaS) operators. The Kaseya attack enabled by their platform was not a minor event and caused havoc in both meatspace and cyberspace, impacting families, schools, municipalities, healthcare providers, small businesses and large enterprises across the globe. It is encouraging to see what can be done when policy meets enablement and authorities are given support and resources to take decisive action. I'm hopeful that as more criminals are caught and prosecuted, and as their ill-gotten gains are recovered, we will finally start to see attackers move on to other, less risky business models (or go away completely, but that is more of a dream than likelihood).”
