Biggest ransomware bust to date may have an actual effect

In early July, heading into the weekend, a ransomware attack against IT management company Kaseya left hundreds of companies helpless, their data encrypted by the notorious REvil ransomware group. Now, US authorities have announced a development as unprecedented as the incident itself: the alleged perpetrator, a Ukrainian citizen, was arrested in October and is currently awaiting extradition from Poland.

Ransomware gangs have operated with relative impunity over the past few years, in part because so many of them are in Russia, where the Kremlin has steadily turned a blind eye. Despite this, the Justice Department’s announcement on Monday shows that a hybrid approach to law enforcement can work. The arrest and extradition of 22-year-old Yaroslav Vasinskyi shows that officials are able to catch key players when they slip up. Another major announcement, the forfeiture of $6.1 million in alleged ransom payments received by Russian citizen Yevgeny Polyanin, shows that authorities can disrupt their targets even when they cannot detain them.

“The arrest of Vasinskyi shows how quickly we, along with our international partners, will act to locate and arrest alleged cybercriminals, no matter where they are,” Attorney General Merrick Garland said at a press conference on Monday. “Ransomware attacks are fueled by criminal profits; that is why we are not only prosecuting the individuals responsible for those attacks. We are also committed to seizing their illicit profits and returning them whenever we can to the extorted victims.”

The indictments against Vasinskyi and Polyanin do not go into much detail. Vasinskyi allegedly got involved with REvil as recently as December 2019, when he responded to an ad on a Russian hacker forum looking for ransomware affiliates. People who write ransomware often make what are basically franchise deals for their hacking tools in exchange for a portion of the proceeds, a McDonald’s model of cybercrime. Vasinskyi is accused of carrying out the attack on Kaseya, which in turn spread to a number of the company’s customers through software updates. In the end, the attack affected as many as 1,500 companies.

Polyanin, 28, is also accused of spreading REvil ransomware against several victims. The indictment alleges that he was responsible, at least in part, for a ransomware spree targeting a large number of Texas local government agencies as of August 2019. Polyanin, who lives in Russia, remains at large but is believed to have links to 3,000 ransomware attacks that collectively attempted to extort at least $13 million from victims.

“This is great news all around,” says Allan Liska, an analyst with security firm Recorded Future. “It reminds ransomware actors that they are not safe, even in Russia. If we can’t catch you, we will take your money. Even ransomware actors have to use services outside of Russia sometimes, and this is where law enforcement has power and authority.”

Combined with recently announced sanctions from the Treasury and a reward from the State Department for information about the notorious actors behind the DarkSide ransomware, the Justice Department’s action on Monday mirrors the Biden administration’s mantra of a “whole of government” approach to ransomware.
