DOJ charges 2 men allegedly behind REvil ransomware attacks

The Justice Department also seized $6 million in ransom payments.

November 08, 2021, 4:42 PM

The nation's top law enforcement officials announced on Monday the seizure of approximately $6 million in ransom payments and new criminal charges against a Ukrainian national and Russian national alleged to have deployed the REvil ransomware that infected more than 1,000 companies and public organizations around the globe this summer.

Yaroslav Vasinskyi, a Ukrainian national arrested last month in Poland, and Yevgeniy Polyanin, a Russian national who remains at large, face charges of fraud, conspiracy and money laundering. Vasinskyi was charged in connection with his alleged role in carrying out the devastating July 4 ransomware attack against the software firm Kaseya, which in turn affected hundreds of companies within the U.S.

Together, the U.S. Treasury Department said the two men "are part of a cybercriminal group that has engaged in ransomware activities and received more than $200 million in ransom payments paid in Bitcoin and Monero." It is announcing sanctions against the two men as well.

PHOTO: FBI Director Christopher Wray is flanked by U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco during a news conference at the Justice Department in Washington, D.C., Nov. 8, 2021.
FBI Director Christopher Wray is flanked by U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco during a news conference at the Justice Department in Washington, D.C., Nov. 8, 2021.
Jonathan Ernst/Reuters

Charging documents unsealed Monday morning also accuse Vainskyi of conducting approximately 2,500 ransomware attacks and demanding approximately $767 million in ransom, $2.3 million of which was eventually paid.

There is no lawyer listed for Vasinskyi or Polyanin.

"Our message today is clear: The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice and to recover the funds they have stolen from the American people," Attorney General Merrick Garland said.

Deputy Attorney General Lisa Monaco lauded Kaseya for calling the FBI and Department of Justice and asking for help in finding the alleged criminals.

PHOTO: U.S. Attorney General Merrick Garland speaks as Deputy Attorney General Lisa O. Monaco, FBI Director Christopher A. Wray, and Deputy Secretary of the Treasury Wally Adeyemo listen at a press conference in Washington, D.C., on Nov. 8, 2021.
U.S. Attorney General Merrick Garland speaks as Deputy Attorney General Lisa O. Monaco, FBI Director Christopher A. Wray, and Deputy Secretary of the Treasury Wally Adeyemo listen at a press conference in Washington, D.C., on Nov. 8, 2021.
Olivier Douliery/AFP via Getty Images

"As we've shown time and time again, we're still going to pursue them, disrupt them and hold them accountable," FBI Director Christopher Wray said.

Shortly afterward, President Joe Biden said he had followed through on his promise to Russian President Vladimir Putin to hold cybercriminals to account.

"When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable," he said in a written statement. "That’s what we have done today.

“We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals," he said.

Garland said REvil ransomware has been deployed on approximately 175,000 computers worldwide with at least $200 million paid in ransom.

REvil was also behind the May attack on meat supplier JBS, which paid $11 million in ransom to unlock its systems.

PHOTO: U.S. Attorney General Merrick Garland announces charges against a suspect from Ukraine and a Russian national over a July ransomware attack on an American company, during a news conference in Washington, D.C., Nov. 8, 2021.
U.S. Attorney General Merrick Garland announces charges against a suspect from Ukraine and a Russian national over a July ransomware attack on an American company, during a news conference in Washington, D.C., Nov. 8, 2021.
Jonathan Ernst/Reuters

The State Department is is offering a reward of up to $10 million for information that helps identify or locate the leaders of the cybercriminal group known as REvil or Sodinokibi.

The U.S. is also offering up to $5 million for information that leads to the arrest or conviction of any individual involved in a REvil ransomware attack.

In June, the Justice Department announced it had successfully seized millions of dollars in cryptocurrency Colonial Pipeline paid to the cyber criminal group DarkSide following the attack that led the pipeline to briefly shut down its operations.

ABC News' Connor Finnegan and Ben Gittleson contributed to this report.

Related Topics

ABC News Live

ABC News Live

24/7 coverage of breaking news and live events