REvil ransomware attacks: US charges Ukrainian, Russian hackers, seizes $6.1M

Two suspected criminal hackers have been charged in the United States in connection with a wave of ransomware attacks, including one that led to the temporary shutdown of the world’s largest meat processor and another that snarled businesses around the globe on the Fourth of July weekend, U.S. officials said Monday.

Attorney General Merrick Garland and other top officials announced charges against Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin, alleging them to be part of the REvil ransomware gang. Officials said Vasinskyi was recently arrested in Poland and that the U.S. government had recovered $6.1 million in ill-gotten funds from Polyanin.

"The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack," Garland said.

The Treasury Department also announced sanctions against the pair, as well as against a virtual currency exchange, Chatex, that the department said was used by ransomware gangs.

WASHINGTON, DC - NOVEMBER 08: U.S. Attorney General Merrick Garland speaks during a press conference at the Robert F. Kennedy Main Justice Building on Nov. 8, 2021, in Washington, D.C. (Photo by Chip Somodevilla/Getty Images)

REvil, also known as Sodinokibi, has been linked in recent months to ransomware targeting the world's largest meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world through a breach of a Florida-based software company called Kaseya.

European law enforcement authorities also announced Monday that they had arrested two other suspected ransomware operators with links to REvil in Romania. They are among seven hackers suspected to have links to ransomware attacks that have targeted thousands of victims and have been arrested since last February as part of a global cybercrime crackdown, European authorities said.

None of those arrested hackers was identified by name, but Europol said two suspected hackers believed to be linked to the ransomware gang known as REvil were arrested last week for involvement in attacks that yielded about $580,000 in ransom payments. Authorities in Kuwait arrested another accused hacker last week, and South Korean authorities have arrested three since last February. A seventh was arrested last month in Europe. The arrests were part of a law enforcement investigation called GoldDust that involved the United States and 16 other countries.

Deputy Attorney General Lisa Monaco appeared to foreshadow Monday's announcement in an interview with The Associated Press last week, saying that "in the days and weeks to come, you're going to see more arrests" as well as seizures of ransomware proceeds.

The Justice Department has tried multiple ways to address a ransomware wave that it regards as a national security and economic threat. Arrests of foreign hackers are significant for the Justice Department since many of them operate in the refuge of countries that do not extradite their own citizens to the U.S. for prosecution.

"There’s lots of reasons why people travel, and I can’t get into the specific reasons why Mr. Vasinskyi traveled, but boy are we glad he did," FBI Director Christopher Wray said.

The Justice Department in June seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily halt operations, creating fuel shortages in parts of the country.


Suderman reported from Richmond, Virginia. Associated Press writer Jake Bleiberg in Dallas contributed to this report.