An international law enforcement action has resulted in the arrest of several people linked to what is currently the most prolific ransomware cartel. In November, This was announced by officials from the Justice Department Charges and an arrest of hackers linked to REvil (aka Sodinokibi), a Russian-speaking cyber gang that has been linked to a number of high-profile cybersecurity incidents over the past year, including ransomware attacks against the Miami-based company Software company Kaseya Ltd largest meat supplier.
Specifically, on November 8, 2021, the DOJ indicted two men (a 28-year-old Russian citizen named Yevgeniy Polyanin and a 22-year-old Ukrainian named Yaroslav Vasinskyi) for allegedly belonging to REvil. The individual charges against each man accuse computer crime and conspiracy to commit fraud and money laundering. Vasinskyi, who was arrested at the Polish border at the request of U.S. officials, is believed to have been behind the aforementioned Kaseya attacks, which included data from between 800 and 1,500 of Kaseya’s software customers in a REvil ransomware deployment in July Were encrypted in 2021. The incident affected large Swedish pharmacies and grocery chains that used Kaseya software.
The indictment against Polyanin, a Russian citizen, alleges his involvement in REvil ransomware attacks against multiple victims, including public and private entities in Texas in the summer of 2019. Polyanin is believed to be behind several thousand ransomware attacks that grossed $ 13 million Ransom payments from US companies only. The ministry also seized over $ 6 million in funds attributable to ransomware payments allegedly received from polyanin, the whereabouts of which are unknown.
Simultaneously with these charges, the financial department added REvil leadership as an official target under the Transnational Organized Crime Rewards Program, offering up to $ 10 million in rewards for information that leads to the identification or location of individuals who hold “important leadership positions in the Sodinokibi.” / REvil-Ransomware ”group. Also on November 8th Europol and Romanian authorities announced the arrest of two men responsible for approximately 5,000 Sodinokibi / REvil infections. This activity was part of an international effort called Operation GoldDust, which investigated a REvil predecessor called GandCrab and which involved 17 countries, Europol, Eurojust and INTERPOL. The international community made a number of other arrests of people with REvil / GandCrab connections in 2021, including hackers found in South Korea and Kuwait.
A ransomware attack is a type of blackmail in which hackers gain unauthorized access to a system, lock the victim’s data using encryption, and demand payment to unlock or “decrypt” the data. Often times, the malicious actors also advise victims to release stolen files to the public, provided they do not receive additional payments. According to IBM’s Threat Intelligence Index, REvil stole approximately 21.6 terabytes of data and made ransomware payments worth at least $ 123 million worldwide in 2020 (a significant portion of the estimated $ 416 million reported Ransomware payments in the US this year). The White House reported reported ransomware payments totaling $ 590 million in the first half of 2021 alone, suggesting an alarming increase in the volume and / or success rate of these attacks. In addition, a number of ransomware attacks targeted critical resources or infrastructure in 2021. Ransomware has therefore become a national security priority, which explains the unprecedented national and international coordination against REvil.
However, these arrests and charges are not the US government’s first confrontation with REvil. In July 2021, following a REvil-related ransomware attack on the world’s largest meatpacker, the REvil-related websites on the dark web were closed. The US authorities did not immediately take notice of this incident, but it was recognized by the. reported Washington Post that the US Cyber Command, in coordination with a foreign government, hacked REvil’s servers and blocked its website again in October 2021.
With these developments, the Biden administration has signaled its intention to keep President Biden’s promise to Vladimir Putin in June 2021 that the US would “take steps to hold cybercriminals accountable”. It is widely believed that most of the ransomware developers are based in Russia, which hinders law enforcement opportunities for the US and Europe as Russia lacks extradition agreements with many western countries. While Russia seems unlikely to assist in the arrest or prosecution of polyanine or others like him, the escalation in the international community’s fight against ransomware and other cybercrimes has been remarkable in recent months.
However, some commentators fear that other cyber gangs running other strands of ransomware could fill the void if REvil is targeted or dismantled. Examples of upstarts are the PYSA ransomware (stands for “protect your data, amigo”), which this year targeted schools in the US and UK. Businesses should applaud and support recent government efforts to contain and prosecute cybercrime, but these efforts are not expected to have any short-term impact on the risk or threat landscape. Organizations of all sizes should proactively and regularly take a careful inventory of their system security / risk, incident response plan, and insurance coverage to limit loss and liability in the event of a ransomware incident.
#Europe #target #leading #ransomware #cartel #Supra