US accuses Ukrainian hacker of REvil ransomware attacks, arrest warrant issued for Russian hacker

The US Department of Justice has accused a 22-year-old Ukrainian citizen of organizing the ransomware attacks on Kaseya servers that took place over the weekend of July 4 this year.

The suspect, Jaroslav Vasinski, was arrested last month on an arrest warrant issued by the United States. Polish authorities arrested him at the border while he was crossing from Ukraine to Poland.

According to court documents, Vasinski was a longtime associate of the REvil (Sodinokibi) group.

Using the hacker pseudonym MrRabotnik, Vasinski hacked networks of companies around the world and then deployed a copy of the REvil ransomware to lock the victims’ computers. In order to recover their files, the victims had to pay a ransom to the REvil gang, of which Vasinski kept a significant percentage.

The Ukrainian citizen had been working as an “affiliate” of REvil since 2019, and what led to his arrest was the attack he carried out on July 4 this year.

On Friday, July 2, Vasinski exploited a vulnerability in Kaseya software to gain access to Kaseya servers installed around the world. This allowed him to deploy REvil ransomware within the networks of thousands of companies around the world.

The attack was so devastating that it led to a meeting of the White House National Security Council, talks between the Russian and American presidents, and the shutdown of REvil RaaS a week later.

In addition to Vasinski, the United States has indicted another suspect who helped the REvil gang distribute its ransomware. He is 28-year-old Yevgeny Poljanin, a Russian citizen who was also an associate of the REvil gang, on whose behalf he carried out the attacks.

Poljanin is believed to be the person who broke into the network of TSM Consulting, a Texas-based service provider, from where, on August 16, 2019, he deployed REvil ransomware in the networks of at least 20 Texas local government agencies.

Poljanin is still at large, and a warrant has been issued for his arrest.

The US Department of Justice announced that it had seized cryptocurrency worth 6.1 million dollars, which the suspect kept in his FTX account.

The news of Vasinski’s arrest was published a few hours after Europol issued a statement on similar arrests in Romania, Kuwait and South Korea.

A total of seven people who worked with the GandCrab and REvil RaaS ransomware were detained this year, Europol said.

As part of this operation, the U.S. Treasury Department also imposed sanctions on Chatex, a cryptocurrency portal that helped ransomware gangs launder illegally acquired cryptocurrencies. Financial sanctions have also been imposed on Poljanin, who is believed to be currently in Russia.



Source: Informacija.rs by www.informacija.rs.
