Federal prosecutors revealed charges Monday against a Ukrainian man accused of raking in millions of dollars by carrying out ransomware attacks that targeted businesses in the U.S. and around the world.
Yaroslav Vasinskyi, 22, was arrested last month at the request of the U.S. government while trying to enter Poland from Ukraine. The U.S. is now seeking his extradition. Court documents unsealed Monday accused him of conducting around 2,500 ransomware attacks that brought in $2.3 million in payments to unlock infected computer systems.
Prosecutors said he was involved in a widespread scheme to spread a specific kind of ransomware known as Sodinokibi/REvil. A grand jury indictment said Vasinskyi and other co-conspirators wrote the software, first unleashed it in April 2019, and regularly refined it.
Court documents said 10 American companies in eight states were among the victims. They were not identified by name.
The Justice Department said he was behind an attack that targeted a Miami-based company, Kaseya, which sells software to help small businesses control their computer networks. The attack, which hit over the July 4th weekend, affected at least 1,500 businesses in the U.S. and other countries by spreading through Kaseya software that it infected.
The attackers demanded a $70 million ransom, to be paid in cryptocurrency, for the key code to unlock affected computers.
Attorney General Merrick Garland said Vasinskyi was actually charged just six weeks after the July attack. “His arrest demonstrates how quickly we will act, alongside our international partners, to identify, locate and apprehend alleged cybercriminals no matter where they are.”
After the attack, President Joe Biden called Vladimir Putin, the Russian president, urging him to stop providing a safe haven for cybercriminals.
In a separate case, the Justice Department also revealed that it seized $6 million in ransomware payments from Yevgeniy Polyanin, a Russian national accused of carrying out more than 3,000 ransomware attacks that targeted American companies.
Late last week, Romanian authorities said they arrested two individuals suspected of deploying the REvil software to rake in about $580,000. The arrests were part of an international law enforcement effort that involved 17 countries, all targeting the REvil ransomware attacks.
Garland said the Biden administration has urged Congress to pass a law requiring American companies to notify the government promptly when they are victimized by a ransomware attack.