US DOJ Seizes Over $6M in Ransomware Payments, Charges REvil Affiliate

The US Department of Justice published a press release concerning recent actions taken in relation to past ransomware attacks, including the one against the US company Kaseya.

The DOJ charged Yaroslav Vasinskyi, a 22-year-old Ukrainian national, with "conducting ransomware attacks against multiple victims", one of which was Kaseya. Along with him, a Russian national by the name of Yevgeniy Polyanin was indicted for carrying out ransomware attacks using REvil ransomware against entities located in the state of Texas.

Vasinskyi was arrested on the Ukrainian-Polish border and is believed to be one of the core REvil ransomware group members. He is awaiting extradition under the US-Polish extradition treaty. Even though Polyanin also has a great number of charges levied against him, he has not yet been arrested.

The DOJ also announced it had seized the sizeable sum of $6.1 million in ransomware payments from victims. The money was traced to Polyanin and was subsequently seized with the help of law enforcement agencies.

According to the charges levied by the US DOJ, Vasinskyi has been with the REvil ransomware gang for at least two years. Over that period, he has participated in over 2,000 attacks. According to the indictment documentation, Vasinskyi has also received over $2 million in ransomware payments, and the total amount of ransom demands linked with him is in the ballpark of $760 million.

Russian national Polyanin, on the other hand, is accused of collecting an estimated $13 million from REvil ransomware victims.

US authorities specifically thanked Kaseya for contacting them so quickly, and believe this quick response helped in tracking down the people responsible.

Finally, the US Department of the Treasury also sanctioned the Chatex crypto exchange. The reason for those measures was its alleged involvement in "facilitating financial transactions for ransomware actors". After taking a close look at the exchange's total volume of transactions, the Treasury concluded that a major part of them were "directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware".