An alleged member of the REvil ransom group has been charged, with $6.1M in funds seized from another suspect, according to the US Department of Justice.
Back in April, we learned that the REvil group accessed systems belonging to Mac assembler Quanta and obtained schematics of the upcoming MacBook Pro models, which accurately revealed the HDMI, MagSafe, and SD card slot …
The REvil ransom group had two methods of extorting money from companies. First, conventional ransomware attacks, where they would hack into systems, encrypt the data, and demand payment in return for the decryption key. Second, they would obtain sensitive data and threaten to sell it to rivals, or make it public, unless the company paid a ransom.
One attack successfully infiltrated systems belonging to Quanta Computer, a key Apple supplier that makes both Macs and Apple Watches. REvil obtain schematics that revealed key details of the upcoming MacBook Pro designs more than six months before they were launched by Apple.
REvil first attempted to blackmail Quanta, and when that wasn’t successful attempted to do the same to Apple. Neither company paid the ransom, and so the group did as it had threatened and made the drawings public. The accuracy of these was confirmed when the new machines were launched.
A coordinated multinational effort by a number of law enforcement agencies, including the FBI, hacked into REvil’s systems, and in a delicious piece of payback, used one of the group’s own attack methods against it.
Alleged REvil ransom group member charged
The DoJ announced that one alleged member of the group has been arrested and charged in relation to another of their attacks, against tech company Kaseya. No charges have yet been filed in respect of the Apple attack. Additionally, $6.1M has been seized from another suspect who currently remains at large.
An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company.
The department also announced today the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas […]
“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” said Attorney General Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”
“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy Attorney General Monaco. “The Sodinokibi/REvil ransomware group attacks companies and critical infrastructures around the world, and today’s announcements showed how we will fight back. In another success for the department’s recently launched Ransomware and Digital Extortion Task Force, criminals now know we will take away your profits, your ability to travel, and – ultimately – your freedom. Together with our partners at home and abroad, the Department will continue to dismantle ransomware groups and disrupt the cybercriminal ecosystem that allows ransomware to exist and to threaten all of us.”
The DoJ government has filed a request to extradite Vasinskyi to the United States.
FTC: We use income earning auto affiliate links. More.