The highest number of ransomware to date may be affected

In early July, heading into the holiday weekend, a ransomware attack on the computer management company Kaseya disabled hundreds of businesses, their data encrypted by the well-known REvil ransomware team. Now, US authorities have announced a development as unprecedented as the incident itself: the alleged perpetrator, a Ukrainian citizen, was arrested in October and is awaiting extradition from Poland.
Ransomware groups have acted with relative impunity in recent years, in part because many of them are in Russia and have not been firmly shut down by the Kremlin. Monday’s Justice Department announcement, however, shows that the hybrid approach law enforcement has landed on can work. The arrest and extradition of 22-year-old Yaroslav Vasinskyi shows that officials are capable of catching major players when they flee. And another big announcement, the confiscation of $6.1 million in alleged ransomware payments received by Russian national Yevgeniy Polyanin, shows that authorities can disrupt their targets even when they cannot be arrested.
“Vasinskyi’s arrest shows how quickly we will act with our international partners to identify, locate and apprehend alleged cybercriminals, wherever they are located,” Attorney General Merrick Garland said Monday at a news conference. “Ransomware attacks are fueled by gainful criminals; that’s why we’re not just chasing the people responsible for these attacks. We are also committed to seizing their illegal profits and returning them whenever we can to the victims of the extortion.”
The accusations against Vasinskyi and Polyanin do not go into great detail. Vasinskyi allegedly participated with REvil in December 2019 when he responded to an ad in a Russian hacker forum looking for ransomware affiliates. Those who write ransomware code often strike what are essentially franchise agreements, providing hacking tools in exchange for a cut of the profits: the McDonald’s model of cybercrime. Vasinskyi is accused of attacking Kaseya and, at the same time, spreading the attack to some of the company’s customers through software updates. In all, the attack affected 1,500 businesses.
Polyanin, 28, is accused of spreading the REvil ransomware against several victims. The indictment alleges that he was at least partly responsible for the ransomware that targeted many local Texas government agencies in August 2019. Polyanin, who lives in Russia, is still at large, but is believed to be linked to 3,000 ransomware attacks, which collectively attempted to extort at least $13 million from victims.
“All of this is great news,” says Allan Liska, an analyst at security company Recorded Future. “It reminds ransomware actors that they are not safe, even in Russia. ‘If we can’t arrest him, we’ll take your money.’ Ransomware actors also sometimes have to use services outside of Russia, and that is where the power to enforce the law lies.”
Combined with recently announced penalties from the Department of Finance and a State Department award for information about the famous DarkSide ransomware actors, the Department of Justice’s actions on Monday reflect the Biden administration’s “whole government” ransomware mantra.