DOJ: Ukrainian ransomware suspect extradited from Poland to face charges in Texas

WASHINGTON – A Ukrainian national accused of a major ransomware attack will face charges in Texas after his extradition from Poland, the Justice Department announced Wednesday.

Yaroslav Vasinskyi, 22, is charged with unleashing ransomware known as Sodinokibi/REvil against companies including Kaseya, a multi-national information software company, and demanding $70 million in ransom, according to his August 2021 indictment.

He was arraigned in a federal court in Texas Wednesday.

In this file photo taken Nov. 8, 2021, US Attorney General Merrick Garland speaks during a news conference over a ransomware cyberattack, at the Department of Justice, in Washington, D.C. - Garland announced Wednesday the launch of a task force to pursue "corrupt Russian oligarchs" and violators of sanctions imposed on Russia for its invasion of Ukraine.

Attorney General Merrick Garland had announced last year that investigating ransomware would be a priority.

“The United States, alongside our international partners, will continue to swiftly identify, locate, and apprehend alleged cybercriminals, capture their illicit profits, and bring them to justice,” Garland said in a statement Wednesday.

REvil had been linked to ransomware that targeted the world's largest meat producer, Brazil-based JBS SA, and an attack that snarled businesses worldwide last year.

JBS resumed operations in June after servers in North America and Australia were targeted. Backup servers weren’t affected and the company said it was not aware of any customer, supplier or employee data being compromised.

Also in June, the Justice Department seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack. The attack had forced the company to temporarily halt operations for nearly a week, creating fuel shortages in parts of the country and panic buying in the Southeast.

“When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be,” Deputy Attorney General Lisa Monaco said in a statement.

Vasinskyi was allegedly responsible for the July 2, 2021, ransomware attack against Kaseya, according to the indictment. He allegedly deployed malicious Sodinokibi/REvil code throughout a Kaseya product that reached “endpoints” on its customer networks, according to the indictment.

After remote access was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software, the indictment reads.

Vasinskyi allegedly left electronic notes in the form of a text file on the victims’ computers. The notes included a web address leading to an open-source privacy network known as Tor, as well as the link to a publicly accessible website address the victims could visit to recover their files.

If a victim did not pay the ransom, the defendant typically posted the victim’s stolen data or claimed they sold the stolen data to third parties, and victims remained unable to access their files.

Vasinskyi is charged with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, he faces a maximum sentence of 115 years in prison.

Vasinskyi was arrested in Poland and transported by U.S. law enforcement authorities to Dallas, where he arrived on March 3.

This article originally appeared on USA TODAY: Ransomware suspect, Ukrainian national, arraigned on charges in Texas