US Indicts Ukrainian National For Alleged Role in REvil Ransomware Cases
16:46 GMT 08.11.2021 (Updated: 13:25 GMT 06.08.2022)
WASHINGTON (Sputnik) - US prosecutors indicted Ukrainian national Yaroslav Vasinskyi for his alleged involvement with the Sodinokibi/REvil ransomware group and are seeking his extradition from Poland, according to court filings released on Monday.
The court filing from Acting US Attorney Chad Meacham moved to unseal the indictment of Vasinskyi, as well as his arrest warrant. The documents detail Vasinskyi’s alleged role in approximately 2,500 ransomware attacks through the group that received roughly $2.3 million in ransom payments.
The unsealed indictment lists charges for Vasinskyi including conspiracy to commit computer fraud, conspiracy to commit money laundering, and intentional damage to a protected computer.
Earlier, CNN reported that US authorities had seized $6 million in ransom payments and were expected to charge Ukrainian national Yaroslav Vasinskyi and Russian national Yevgeniy Polyanin for the REvil ransomware hacks.
The $6 million in recovered funds is allegedly linked to payments made by victims of the REvil ransomware tool used by Vasinskyi and Polyanin, the report said. US officials are expected to announce that the two will face charges including conspiracy to commit fraud and conspiracy to commit money laundering, it added.
The REvil ransomware attacks included one on the US-based software firm Kaseya in July, which impacted up to 1,500 businesses worldwide, the report said.
Vasinskyi is held in Poland, where he was recently arrested, pending extradition to the United States, while Polyanin’s whereabouts remain unknown, the report added.
The Biden administration has been working alongside international partners to combat the rising threat of ransomware to businesses and critical infrastructure, with the State Department last month establishing a Bureau of Cyberspace and Digital Policy to focus on international cybersecurity efforts.
The State Department announced on Thursday a reward of up to $10 million for information leading to the identification or location of anyone who holds a key leadership position in the DarkSide ransomware group, which is said to be responsible for the Colonial Pipeline ransomware attack in May.