The department said it had charged a Russian national in one attack and recovered $6.1 million in ransom. It also arrested a Ukrainian man for another attack.
The Justice Department said on Monday that it had brought charges against a Russian national whom it accused of conducting ransomware attacks against American government entities and businesses, including one that temporarily shut down the meat supply giant JBS. In the Biden administration’s latest crackdown on cybercrime, the Justice Department also announced that it had seized $6.1 million in ransom paid to the Russian man, Yevgeniy Polyanin,28, who was accused in court documents of deploying ransomware known as REvil against businesses and government offices in Texas in 2019. Mr. Polyanin, who is believed to be abroad, has not been taken into custody by American authorities and the prospects of him facing trial in the United States remain unclear. The department also unsealed a separate indictment on Monday accusing a Ukrainian national, Yaroslav Vasinskyi,22, with conducting multiple ransomware attacks, including the July 2021 assault on the technology company Kaseya. The attack on Kaseya, which manages internet technology infrastructure for other companies, allowed hackers to infect the systems of Kaseya’s hundreds of customers, including Swedish pharmacies and grocery chains. Mr. Vasinskyi was arrested last month by authorities in Poland as he crossed into that country, and the Justice Department is seeking his extradition to stand trial in the U.S. “The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims,” Attorney General Merrick B. Garland said in a statement. The arrests are part of a sustained, coordinated, global effort to combat ransomware. That effort has intensified in recent weeks as authorities in Ukraine, Romania, Kuwait and South Korea started arresting cybercriminals who use what is known as “ransomware as a service.” “We are bringing the full strength of the federal government to disrupt malicious cyberactivity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals,” President Biden said in a statement on Monday.
