Two men, one from Ukraine and one from Russia, were charged Nov. 8 in connection with the deployment of REvil ransomware attacks on the U.S. government and businesses, according to the Justice Department.
The REvil ransomware gang has been connected to several high-profile ransomware attacks, including those on Las Vegas-based University Medical Center and IT security management software company Kaseya. Last month, multiple countries teamed with the U.S. to hack the ransomware group and force it offline.
Eight details:
1. Yaroslav Vasinskyi, a 22-year-old Ukrainian national, has been charged with carrying out ransomware attacks against multiple victims, including the July attack on Kaseya.
2. The Justice Department also seized $6.1 million in funds traced to alleged ransom payments to Yevgeniy Polyanin, a 28-year-old Russian national who is also charged with conducting REvil ransomware attacks against multiple victims in the U.S.
3. The Justice Department alleged that Mr. Vasinskyi and Mr. Polyanin infiltrated the internal computer networks of several victims' companies and deployed REvil/Sodinokibi ransomware to encrypt data on the computers of targeted companies.
4. Mr. Vasinskyi and Mr. Polyanin allegedly left electronic notes in the form of a text file on their victims' computers that included a web address to a privacy network called Tor. The notes also included a public website address the victims could visit to recover their files, according to a Justice Department news release.
5. When they visited the defendants' website, victims were given a ransom demand and a virtual currency address to which the ransom was to be paid; if a victim made the payment, Mr. Vasinskyi and Mr. Polyanin would provide a decryption key that let the victims regain access to their files. If a victim did not pay the ransom, the defendants typically published their stolen data online or said they sold it to third parties.
6. Mr. Vasinskyi and Mr. Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers and conspiracy to commit money laundering, according to the Justice Department's release.
7. If convicted on all counts, Mr. Vasinskyi faces a maximum penalty of 115 years in prison and Mr. Polyanin faces a maximum of 145 years.
8. Mr. Vasinskyi was taken into custody Oct. 8 in Poland, where he is being held by authorities pending requested extradition to the U.S. The $6.1 million allegedly seized from Mr. Polyanin was from a warrant issued out of the Northern District of Texas; Mr. Polyanin is believed to be abroad.