REvil hackers` storm of arrests

It seems like global society has decided to go after ransomware criminals with full force. This year brought the most headlines on the subject. Law enforcement agencies around the world conducted several arrests connected to this particular criminal ecosystem. And this time one of the REvil hackers Yaroslav Vasinskyi, 22, awaits his extradition to the US in Poland.

Ukrainian REvil hacker charged with conducting the Kaseya ransomware attack

According to the US Department of Justice Vasinskyi has direct responsibility for the Kaseya attack. He received his indictments at the same time as Russian national Yevgeniy Polyanin. Polyanin at the moment allegedly hides in Barnaul, Russia while the FBI put him on the wanted list. Both indicted individuals have connections to REvil ransomware. If convicted on all accounts they will receive more than 100 years in prison.

“An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multinational information technology software company,” according to the announcement published by the Department of Justice on November 8, 2021.

The Department of Justice also announced the seizure of $6.1 million that Yevgeniy Polyanin received as victims`payments. Both Vasinskyi and Polyanin are charged in separate indictments. More precisely they received allegations that they conspired to commit fraud and related illegal activity in connection with computers. Also it includes substantive counts of damage to protected computers, and conspiracy to commit money laundering.

And more on the topic. Kaseya, an IT solutions developer for MSPs and enterprise clients, declared this summer that it endured a ransomware attack. The onslaught happened on July 2, over the American Independence Day weekend. Attackers carried out a supply chain by gripping a vulnerability in Kaseya’s VSA software. Onslaught affected multiple managed service providers (MSP) and their customers.

Though Kaseya CEO Fred Voccola said that those impacted of company’s clients constitute less than 0.1%. But as their clientele include MSPs it means that a vast number of smaller businesses fell under the attack too. Specialists estimated that 800 to 1500 small to medium-sized companies may have undergone ransomware compromise through their MSP.

This year ransomware activities made the most headlines around the world

As we said this year the ransomware hackers made the most headlines in newspapers around the world. Last month Europol with joint forces of partner countries conducted large scale operations on territories of Ukraine and Switzerland. As a result joint law enforcement agencies targeted 12 individuals. Those individuals allegedly had related illegal work activities connected with the LockerGoga, MegaCortex and Dharma ransomware.

Another recent news appeared when Interpol shared the details of the 30 months operation. The International Criminal Police Organization issued two Red Notices on the case and reported on the six individuals` arrests. Ukrainian national police carried out the arrests of suspects who allegedly worked on behalf of the Cl0p ransomware threat group.