REvil ransomware: US seizes $6 million in ransom payments and expected to charge Ukrainian over major cyberattack - CNNPolitics

US seizes $6 million in ransom payments and charges Ukrainian over major cyberattack
By Christina Carrega and Sean Lyngaas, CNN

Updated 0215 GMT (1015 HKT) November 9, 2021
(CNN) Law enforcement officials seized an estimated $6 million in ransom payments and federal prosecutors charged a suspect from Ukraine over a damaging July ransomware attack on an American company in a breakthrough for the Biden administration's pursuit of cybercriminals, the Justice Department announced Monday.

Yaroslav Vasinskyi, a Ukrainian national who was arrested in Poland last month, is accused of deploying ransomware known as REvil, which has been used in hacks that have cost US firms millions of dollars. Vasinskyi conducted a ransomware attack over the Fourth of July weekend on Florida-based software firm Kaseya that infected up to 1,500 businesses around the world, according to an indictment unsealed Monday.
Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, are charged with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges. As part of the investigation, authorities seized at least $6 million in funds allegedly linked to ransom payments received by Polyanin, US officials said.

CNN was first to report on the law enforcement actions before the Justice Department announcement.
The law enforcement bust is one of the most impactful actions yet in the Biden administration's multipronged fight against ransomware, which accelerated after a series of hacks hampered US critical infrastructure firms this year. While some ransomware groups have continued to breach US companies and demand payment, others have gone quiet in recent months.
Attorney General Merrick Garland said at a press conference that the US and its allies would do "everything in our power" to track down ransomware operatives and claw back the money "they have stolen from the American people."
Vasinskyi, 22, is being held in Poland pending US extradition proceedings, while Polyanin, 28, remains at large. CyberScoop first reported that Vasinskyi had been arrested.
The Treasury Department on Monday also imposed sanctions on Vasinskyi and Polyanin, as well as a cryptocurrency exchange that allegedly has moved money for ransomware operatives.
The State Department meanwhile announced a reward of up to $10 million for information leading to the identification or location of the leadership of the REvil ransomware gang. The department is also offering up to $5 million for information leading to an arrest or conviction of anyone conspiring or attempting to participate in REvil ransomware attacks.
US officials have pursued diplomacy with the Russian government, sanctioned a cryptocurrency exchange and exhorted companies to raise their cyber defenses. But experts say that putting ransomware operators in handcuffs is a crucial part of the US strategy to curb attacks. Romanian authorities last week arrested two additional alleged REvil operatives, Europol announced Monday. And South Korean authorities last month extradited to the US a Russian man accused of being part of a different crime ring that infected millions of computers worldwide.
In a statement later on Monday, President Joe Biden said, "We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals."
Biden administration has made tackling ransomware groups a priority
Biden in June asked Russian President Vladimir Putin to take action against criminal hackers that were holding US companies hostage. But the Russian government has historically been reluctant to pursue cybercriminals on its own soil as long as the hackers refrain from hitting Russian targets.
Since the Biden-Putin summit, "We have not seen a material change in the landscape," US Deputy Attorney General Lisa Monaco told the Associated Press last week. "Only time will tell as to what Russia may do on this front."
Garland on Monday declined to comment when asked if the Russian government was aware of or condoned the REvil activity, citing an ongoing investigation.
In a crowded landscape of cyber crooks, REvil has stood out for a series of brazen attacks. The group reportedly demanded $50 million from Apple earlier this year after hacking one of the tech giant's suppliers.
The FBI has also blamed REvil for a May ransomware attack on JBS USA, which accounts for about a fifth of US beef production. The incident forced JBS to temporarily shut down production at facilities in Australia, Canada and the US. JBS paid the hackers $11 million to unlock their systems.
REvil has been deployed on about 175,000 computers worldwide, with at least $200 million paid in ransom, Garland said Monday.
Polyanin allegedly conducted about 3,000 ransomware attacks, including some on law enforcement agencies and municipalities throughout Texas, Garland said.
REvil has had a volatile few months. The websites the group uses to extract ransoms and shame victims went offline after the Kaseya hack, only to reemerge in September. But the group shut down again last month after a foreign government and Cyber Command, the US military's hacking unit, compromised the group's computer infrastructure, according to a Washington Post report.
To turn up the pressure, the State Department last week announced a $10 million reward for key information on the hackers behind the so-called DarkSide ransomware, which forced major US fuel provider Colonial Pipeline to shut down for days in May.
Government agencies have leaned heavily on private experts in their pursuit of criminal hackers. Cybersecurity firm Emsisoft, for example, saved victims of a type of ransomware millions of dollars in ransom payments by discovering a flaw in the hackers' code.
John Fokker, a former Dutch cybercrime investigator who is now with cybersecurity firm McAfee Enterprise, told CNN that his team had helped law enforcement identify multiple suspects involved in REvil and Gandcrab, another type of ransomware.
No single law enforcement action will be a fatal blow to the lucrative, transnational ransomware economy.
Victims of ransomware attacks paid about $350 million in ransoms in 2020, according to Chainalysis, a firm that tracks cryptocurrency. But that figure is likely just a fraction of the digital extortion that went on that year. And victims who don't pay the ransom can spend millions of dollars rebuilding their computer infrastructure.
FBI Director Christopher Wray told US lawmakers in September that the bureau was investigating more than 100 different types of ransomware.