The Department of Justice announced that two men were arrested and charged for their alleged involvement in Sodinokibi/REvil ransomware attacks that targeted companies and government entities in the United States, and that $6.1 million was seized in the process. Two other REvil actors were arrested in Romania.
The indictment charges Ukrainian national Yaroslav Vasinskyi (22) with involvement in the deployment of ransomware on multiple victims, including the July 2021 attack against the multi-national information technology software company Kaseya, and Russian national Yevgeniy Polyanin (28) with carrying out Sodinokibi/REvil ransomware attacks against many victims, including Texas enterprises and government entities around August 16, 2019. The DoJ also announced the seizure of $6.1 million in funds linked to alleged ransomware attacks and money laundering committed by Polyanin, who is believed to be abroad.
Court documents say that in the alleged ransomware attack targeting Kaseya, Vasinskyi deployed the malicious Sodinokibi/REvil code through the Kaseya product, which led to the further deployment of REvil ransomware that encrypted data on the computers of Kaseya software customers. The actor has been in custody in Poland since October 8, and he remains there until the process for his requested extradition to the US is completed.
“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin, and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government and especially our private sector partners,” said FBI Director Christopher Wray.
Defendants Vasinskyi and Polyanin are being prosecuted separately for "conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering." A conviction on all counts would mean the defendants face maximum penalties of 115 and 145 years in prison, respectively.
Last month, German law enforcement reportedly tracked down a core member of the notorious REvil ransomware gang, referred to as “Nikolay K.”