With No. 1 pick in the NFL draft, Chicago Bears select quarterback Caleb Williams. Follow here for live pick-by-pick updates.
📷 Key players Meteor shower up next 📷 Leaders at the dais 20 years till the next one
POLITICS
Cyber Attacks

DOJ indicts Ukrainian, Russian men in alleged ransomware attacks

Kevin Johnson Bart Jansen
USA TODAY

WASHINGTON – Justice Department officials Monday announced indictments against two alleged ransomware kingpins responsible for thousands of attacks.

One of the suspects, Yaroslov Vasinkyi, a 22-year-old Ukrainian national, was arrested last month by Polish authorities and is accused of unleashing ransomware known as Sodinokibi/REvil against Kaseya, an multi-national information software company, in July, demanding $70 million in ransom.

Attorney General Merrick Garland said Vasinskyi was charged with authoring the ransomware, encrypting the victim’s computers and laundering money paid in ransom. American authorities have requested his extradition to face charges in the U.S.

“Vasinskyi’s arrest demonstrates how quickly we will act alongside our international partners to identify, locate and apprehend alleged cybercriminals, no matter where they are located,” Garland said. "We are also committed to capturing their illicit profits and returning them whenever we can to the victims who were extorted."

More:The next big cyberthreat isn't ransomware. It's killware. And it's just as bad as it sounds.

Prep for the polls: See who is running for president and compare where they stand on key issues in our Voter Guide

Attorney General Merrick Garland (L) and FBI Director Christopher Wray hold a press conference at the Robert F. Kennedy Main Justice Building on Nov. 8, 2021 in Washington, D.C. Garland announced progress in the investigation into the #REvil ransomware attacks, including the arrest of Ukrainian Yaroslav Vasinsky in Poland, the indictment of Russian national Yevgyeniy Polyanin and the seizure of $6 million in cryptocurrency.

According to the indictment unsealed Monday, federal authorities sought the charges against Vasinskyi within weeks of the Kaseya attacks. 

Authorities also announced a separate indictment against Yevgyeniy Igoryevich Polyanin, 28, a Russian national who remains at large and is accused of launching 3,000 cyber attacks and attempting to extort at least $13 million from victims, which included U.S. law enforcement agencies, municipalities and other entities.

The indictment charges Polyanin with attacks launched throughout Texas in August 2019. He faces charges similar to those leveled against his Ukrainian counterpart, including conspiracy to commit damage to protected computers and conspiracy to commit money laundering.

More:Hackers targeted US drinking water and wastewater facilities as recently as August, Homeland Security says

Justice officials recovered $6.1 million in ransom proceeds traced to Polyanin, Garland said.

"We are also committed to capturing their illicit profits and returning them whenever we can to the victims who were extorted," he said.

“This will not be the last time," Garland said of the recovery of money. “The U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation’s resilience to cyber threats.”

The Treasury Department also announced sanctions to discourage and prevent ransomware. And the State Department announced rewards for information tracking down cybercriminals.

The charges did not include allegations that the Russian government was complicit in the attacks, but President Biden Monday referred to his June meeting with Russia President Vladimir Putin in which he vowed to "hold cybercriminals accountable."

"That’s what we have done today," Biden said in a statement. "We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals."

The Justice announcements came the same day Europol, the European Union’s law enforcement agency, announced that Romanian authorities had arrested two people Thursday suspected of cyber attacks. The attacks resulted in 5,000 infections and 500,000 euros in ransom payments.

Garland said prompt reporting of ransomware incidents helps track bad actors and prevent other attacks. He urged Congress to create a national standard for reporting significant cyber incidents and to require the reported information be shared immediately with the Justice Department.

"Our message today is clear: the United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice and to recover the funds they have stolen from the American people," Garland said.

Sodinokibi/REvil and GandCrab spread around the globe

The attacks allegedly carried out by both men were attributed to the Sodinokibi/REvil ransomware. Since February, the Europol investigation have arrested three other affiliates of Sodinokibi/REvil and two suspects connected to another strain of ransomware called GandCrab that infected a combined total of 7,000 victims.

South Korea arrested three affiliates of both strains of ransomware, in February, April and October. Another affiliate was arrested in Europe in October. And Kuwaiti authorities arrested a GandGrab affiliate on Thursday.

The investigation involving 17 countries, including the U.S., identified suspects, wiretapped and seized some equipment of Sodinokibi/REvil, which Europol said is seen as the successor to GandCrab.

The countries that participated in the investigation were Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg,  Norway, Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the United Kingdom and the United States.

The Justice Department has faced challenges in pursuing international hackers because many operate in countries that don't extradite their own citizens to the U.S. for prosecution.

Deputy Attorney General Lisa Monaco appeared to foreshadow Monday’s announcement in an interview with The Associated Press last week, saying that “in the days and weeks to come, you’re going to see more arrests.”

Deputy Attorney General Lisa Monaco speaks to The Associated Press during an interview at the Department of Justice in Washington on Nov. 2, 2021. Two suspected hackers accused of ransomware attacks resulting in 5,000 infections have been arrested as part of a global cybercrime crackdown, according to an announcement Monday by Europol.

REvil had been linked to ransomware that targeted the world's largest meat producer, Brazil-based JBS SA, and an attack that snarled businesses worldwide around July Fourth.

JBS resumed operations in June after servers in North America and Australia were targeted. Backup servers weren’t affected and the company said it was not aware of any customer, supplier or employee data being compromised.

Also in June, the Justice Department seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack. The attack had forced the company to temporarily halt operations for nearly a week, creating fuel shortages in parts of the country and panic buying in the Southeast.

“We will be relentless in our mission to investigate, to disrupt and to prosecute ransomware attacks,” Monaco said. “Today, we are back to tell the American people that we have done it again.”

Featured Weekly Ad