Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya

The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July.

The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4.

The suspect is 22-year old Ukrainian national Yaroslav Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22), who was arrested for cybercriminal activity on October 8 while he was trying to enter Poland.

“The Justice Department announced today recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.” reads the press release published by DoJ. “An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company.”

Vasinskyi is a REvil ransomware affiliate since at least March 1st, 2019, and carried out thousands of attacks against organizations worldwide. According to the investigators, the total ransom payments demanded by Vasinskyi to his victims was $767, but the victims only paid $2.3 million. According to the indictment, Vasinskyi infected is believed to have deployed ransomware on the networks of at least nine companies in the U.S.

The U.S. is requesting Vasinskyi’s extradition.

The DoJ also charged Russian national Yevgeniy Polyanin (28) (aka LK4D4, Damnating, damn2Life, Noolleds, Antunpitre, Affiliate 23) with orchestrating ransomware attacks against multiple multiple organizations worldwide. US DoJ also seized $6.1 million obtained from ransom payments by Polyanin.

Polyanin breached at least 13 government entities in Texas in August 2019.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If sentenced of all counts, they will face up to 115 and 145 years in prison, respectively.

“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Monaco. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back.  In another success for the department’s recently launched Ransomware and Digital Extortion Task Force, criminals now know we will take away your profits, your ability to travel, and – ultimately – your freedom. Together with our partners at home and abroad, the Department will continue to dismantle ransomware groups and disrupt the cybercriminal ecosystem that allows ransomware to exist and to threaten all of us.” reads the press release published by DoJ.

“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners,” said FBI Director Christopher Wray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, REvil ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]