US imposed sanctions and brought charges against Russian hacker from the REvil group

Tomcat

The United States has filed criminal charges in a cyber extortion case against Russian citizen Yevgeny Polyanin

Accusations were brought in absentia against Russian citizen Yevgeny Polyanin, suspected of hacker attacks. Also, sanctions were imposed against him, the US Department of Justice said.

The American authorities believe that Polyanin is a member of the REvil hacker group, also known as Sodinokibi. The FBI believes that "Polyanin is presumably in Russia, possibly in Barnaul."

In another article on the FBI website, it is reported that 28-year-old Russian citizen Yevgeny Polyanin and 22-year-old Ukrainian citizen Yaroslav Vasinsky are accused of attacks on enterprises and government institutions of the United States using the ransomware programs Sodinokibi and REvil. They are also accused of a cyberattack against the international IT company Kaseya using a ransomware virus. This company produces software for the provision of Internet services in a remote format.

As CNN reported, the United States is about to accuse Vasinsky and Polyanin of conspiracy to commit fraud and money laundering. According to the TV channel, 22-year-old Vasinsky was detained in October in Poland. He is currently awaiting extradition.
 

Father

A citizen of Ukraine, 24-year-old Yaroslav Vasinsky, who is associated with organizing the REvil (Sodinokibi) attack on Kaseya's servers in 2021, was sentenced to 13 years and seven months in prison and ordered to pay $16 million.

According to the US Department of Justice, Vasinsky was known online as MrRabotnik (as well as Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) and since 2019 has hacked companies around the world (making a total of at least 2,500 attacks), then deploying REvil malware in their infrastructure. As a result, the hackers demanded a ransom from the victims for a total amount of more than 700 million US dollars.

"Yaroslav Vasinsky and his accomplices hacked thousands of computers around the world and encrypted them using a ransomware program," the Ministry of Justice said. "They then demanded a ransom of more than $700 million and threatened to publicly disclose the victims' details if they refused to pay."

Vasinsky was arrested in October 2021, based on a warrant issued in the United States, while trying to enter Poland. He was charged with conspiracy to commit fraud, intentionally damaging a secure computer, and conspiracy to launder money.

Then law enforcement officers connected REvil operators with attacks on Kaseya, which are considered one of the largest extortion incidents in history. So, in 2021, customers of the MSP solution provider Kaseya suffered from a large-scale cryptographer attack. Then hackers used 0-day vulnerabilities in the company's product (VSA) and used them to attack Kaseya users. Patches were soon released for these vulnerabilities.

The main problem was that most of the affected VSA servers were used by MSP providers, i.e. companies that manage the infrastructure of other clients. This means that the attackers deployed the cryptographer in thousands of corporate networks. According to official data, the compromise affected about 60 Kaseya clients, through the infrastructure of which hackers managed to encrypt more than 1,500 corporate networks.

In March 2022, Vasinsky was extradited to the United States to stand trial and answer for at least nine ransomware attacks on American organizations. The maximum possible penalty for all charges was 115 years in prison with confiscation of all property and financial assets.

As a result, Vasinsky pleaded guilty to 11 counts and has now been sentenced by the court to 13 years and seven months in prison. He was also ordered to pay $16 million in restitution.

In addition, the statement of the US Department of Justice reports the seizure of 39,8913,8522 bitcoins and $6.1 million related to extortionate payments and hacker operations in which Vasinsky was involved.

• Source: https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme
 