On Monday, November 8, 2021, the United States Department of Justice announced charges against two foreign nationals: Russian Yevgeniy Polyanin and Ukrainian Yaroslav Vasinskyi. They reportedly deployed Sodinokibi/REvil ransomware in attacks on government entities and businesses in the United States.
REvil hacker appeared on the FBI wanted list
According to the indictment, Yevgeniy Polyanin, 28, a Russian national, conducted Sodinokibi/REvil ransomware attacks against multiple victims, including government entities and businesses in Texas, on or about Aug. 16, 2019. The Department also announced the seizure of $6.1 million in funds traceable to alleged ransom payments received by Polyanin. Meanwhile, FBI authorities say the hacker is probably hiding in Barnaul, Russia.
The other charged individual, Yaroslav Vasinskyi, 22, a Ukrainian national, reportedly conducted ransomware attacks against numerous victims as well, the best known being the July 2021 attack against Kaseya, a multinational information technology software company. Vasinskyi is currently held by Polish authorities pending his requested extradition to the United States.
Hackers conducted large-scale ransomware attacks
Vasinskyi and Polyanin were charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, they face maximum penalties of 115 and 145 years in prison, respectively.
“Polyanin’s ransomware attacks affected numerous companies and entities across the United States, including law enforcement agencies and municipalities throughout the State of Texas. Polyanin ultimately extorted approximately $13 million from his victims,” Attorney General Garland said in his remarks as delivered.
After deploying Sodinokibi/REvil, the defendants left victims a notice demanding a ransom payment. If the victim refused to pay, they threatened to publish the data or sell it to third parties. If they received the demanded money, they provided the victim with the decryption key.
The FBI’s Dallas and Jackson Field Offices are leading the investigation. The operation was conducted in close cooperation with Europol and Eurojust. Romania’s National Police and Directorate for Investigating Organised Crime and Terrorism; the Dutch National Police; and Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice, along with other jurisdictions, greatly contributed to the case.
Denis Dubnikov’s detention in connection with Yevgeniy Polyanin
Pavel Vrublevsky, a contributor to Russian Forbes, shared tweets concerning Polyanin. He writes that Polyanin must have used Denis Dubnikov’s EGGCash-Coyotes service, and links this to Dubnikov’s arrest in the Netherlands this month.
Indicted yesterday, Polyanin-REvil must have cashed out via EGGCash-Coyotes Dubnikov, which was likely the reason for his arrest in Amsterdam and the Gov attempt to conceal it. Russian TG channels posted a screen of "Coyotes" purchasing crypto in Barnaul, home city of Polyanin.
— Pavel Vrublevsky (@RNP_1) November 9, 2021
In short, Denis Dubnikov, 29, co-founder of several crypto projects, such as EGGCHANGE and Coyote Crypto, was detained in Amsterdam. His business is allegedly connected to cryptocurrency theft dating back to 2018; according to media reports, part of the criminal operations were conducted through his services.