December 6, 2022

US seizes $6 million in ransom and is expected to charge Ukrainian over major cyber attack

Yaroslav Vasinskyi, a Ukrainian national arrested in Poland last month, is facing US charges for using a ransomware called REvil, which was used in hacks that cost US companies millions of dollars. Vasinskyi carried out a ransomware attack on Florida-based software company Kaseya in the fourth weekend of July, affecting 1,500 businesses worldwide, according to allegations filed by the judiciary.

Vasinskyi and another accused REvil operative, Russian Yevgeniy Polyanin, are expected to be charged with conspiracy to commit fraud and money laundering, among other charges. As part of the investigation, authorities seized at least $6 million in funds allegedly related to the ransom received by Polyanin, which U.S. officials are expected to announce.

Vasinskyi, 22, is awaiting US extradition proceedings in Poland, while Polyanin, 28, is in hiding. CyberScoop first reported that Vasinskyi was arrested.

The law enforcement bust is one of the most influential actions of the Biden administration’s multifaceted fight against ransomware. Some ransomware groups continue to break into US companies and demand payments, while others have been quiet in recent months.

U.S. officials continued diplomacy with the Russian government, allowing cryptocurrency exchanges and advising companies to increase their cyber security. But experts say handcuffing ransomware operators is an important part of US strategy to prevent attacks. Europol announced on Monday that Romanian authorities had arrested two additional REvil operatives last week. And South Korean officials extradited a Russian man to the United States last month on charges of being part of a different crime ring that has infected millions of computers around the world.

REvil stands out, in a crowded landscape of cybercriminals, for a series of shameless attacks. The group reportedly demanded $50 million from Apple earlier this year after hacking into one of the tech company’s suppliers.

The FBI has blamed REvil for the May ransomware attack on JBS USA, which accounts for one-fifth of US beef production. The incident forced JBS to suspend production at factories in Australia, Canada and the United States. JBS paid the hackers $11 million to unlock its computers.

REvil has had a tumultuous few months. The websites the group used to extort and shame its ransomware victims went offline after the Kaseya hack, then reappeared in September. But the group shut down again last month after a foreign government and the US military’s hacking unit, Cyber Command, compromised the group’s computer infrastructure, the Washington Post reported.
President Joe Biden in June called on Russian President Vladimir Putin to act against criminal hackers who hold US companies hostage. But the Russian government has historically been reluctant to pursue cybercriminals on its own soil as long as the hackers avoid attacking Russian targets.

Since the Biden-Putin summit, “we do not see a major change in the landscape,” US Deputy Attorney General Lisa Monaco told the Associated Press last week. “Only time will tell what Russia can do on this front.”

To increase pressure, the State Department last week announced a $10 million reward for key information about the hackers behind the ransomware known as DarkSide, which forced the closure of Colonial Pipeline, the United States’ main fuel supplier, for several days in May.

Government agencies have relied heavily on private professionals to pursue criminal hackers. For example, cybersecurity company Emsisoft has saved victims of one type of ransomware millions of dollars by detecting a flaw in the hackers’ code.

No law enforcement action will be a fatal blow to the lucrative, transnational ransomware economy.

Chainalysis, a cryptocurrency watchdog, says victims of ransomware attacks paid $350 million in ransom in 2020. But that number is only part of the digital blackmail that took place that year. Victims who do not pay the ransom can spend millions of dollars to rebuild their computer infrastructure.

FBI Director Christopher Wray told lawmakers in September that the Bureau was investigating more than 100 different types of ransomware.

Evan Perez of CNN contributed to the reporting.