U.S. prosecutors on Monday said they had charged a Ukrainian man with launching a July ransomware attack on an American firm that had infected 1,500 businesses throughout the world.
Authorities also announced they had seized $6 million in ransom payments made to a Russian national accused of launching more than 3,000 other attacks targeting American companies.
An indictment filed in the southwestern state of Texas by the Justice Department accused Yaroslav Vasinskyi, a Ukrainian national arrested in Poland last month, of unleashing the ransomware attack known as REvil on Florida-based firm Kaseya, a global information technology software infrastructure supplier, which in turn affected its customers across the globe.
Vasinskyi and another alleged REvil operative, Russian national Yevgeniy Polyanin, who was accused in the other attacks, were charged with conspiracy to commit fraud and conspiracy to commit money laundering, among other charges.
The U.S. Treasury Department also said the two men face sanctions for their roles in carrying out other ransomware attacks in the U.S., as well as creating a virtual currency exchange called Chatex “for facilitating financial transactions for ransomware actors.”
U.S. Attorney General Merrick Garland said Vasinskyi was in fact charged just six weeks after the July attack.
“His arrest demonstrates how quickly we will act, alongside our international partners, to identify, locate and apprehend alleged cybercriminals, no matter where they are,” Garland said.
U.S. President Joe Biden has urged Russian President Vladimir Putin to stop providing a haven for cybercriminals in Russia, where many of the attacks are believed to originate. Hackers have locked up companies’ computer operations from afar and demanded millions of dollars in ransom payments to let the companies resume their operations.
Authorities said the July attack corrupted a widely used software tool made by Kaseya, and its customers were immediately infected with REvil encryption. Some of the companies paid ransoms totaling millions of dollars in cryptocurrencies to resume business operations, though a master decryption key was eventually recovered by authorities and distributed weeks later.
Many of the 1,500 companies affected by the attack on Kaseya use its software to handle back-office functions because they are too small to have their own technology departments.
Vasinskyi, 22, is being held in Poland pending U.S. extradition proceedings, while Polyanin, 28, remains at large.
The indictment of Vasinskyi alleged that he and other conspirators launched the hacking software around April 2019 and “regularly” updated and refined it.
Europol said Monday that Romanian authorities last week arrested two individuals suspected of cyberattacks using the REvil ransomware, with three others arrested earlier in the year.
Europol said Friday that 12 people suspected of mounting ransomware attacks against companies or infrastructure in 71 countries were “targeted” in raids in Ukraine and Switzerland.