Yaroslav Vasinskyi, a Ukrainian, arrested & indicted for conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya…
…actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.
Relevant Court Filings
Unless otherwise specified, all embedded links are from the Department of Justice. If convicted of all counts, the defendants face maximum penalties of 115 and 145 years in prison. Today’s DOJ-OPA announcement is a testament to how seriously the DOJ and the whole of the Biden Administration view cyber attacks; see the July 2021 article found here.
Defendant Yevgeniy Polyanin (not in custody)
The Department of Justice simultaneously announced the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019. It is kind of important that you read the Government’s Motion to Unseal the Defendant’s Indictment.
The list of victims targeted by Defendant Yevgeniy Polyanin can be found on pages 4 and 5 of his indictment, which specifically alleges that Defendant Yevgeniy Polyanin’s Sodinokibi/REvil ransomware was responsible for 3,000 unique attacks, demanded $3.9 billion in ransoms and was eventually paid $35 million in Bitcoin and Monero…
Now, most of the time I skip past a motion to unseal an indictment because the vast majority of the time this filing is pretty SOP. Notwithstanding, if you read the Government’s Nov 5th filing (Motion to Unseal [1]), BOY are there some amazing facts. For example:
Defendant Polyanin recently $13 million of the $35 million paid as ransom
Sodinokibi/REvil ransomware attacks appear to have targeted law enforcement and other critical infrastructure components
USA to offer a reward for “any individual conspiring to participate (or attempting to participate) in Sodinokibi variant attacks”
Polyanin is not in custody, but as you’ll note in the Government’s filing, they believe the public disclosure of his indictment and search warrant is in the best interest of locating the Defendant
Back to Defendant Yevgeniy Polyanin’s indictment: I believe this is the very first disclosure that the “text” file, aka digital letter, provided victims with a website which included a clock/time countdown and periodic updates of increased ransom amounts (if a predetermined deadline was missed), and the website had a chat feature… brazen to say the least…
Defendant Yaroslav Vasinskyi (in custody)
He is in custody as of October 8, 2021, in Poland [2], at the request of the United States and under the terms & conditions of the MLAT currently in force (see the State Department link for current treaties). Also see CyberScoop’s scoop; they reported the arrest about a week ago… Vasinskyi Indictment -
As you’ll note, the Nov 5th Motion affirms that Vasinskyi was arrested by Poland and that the USA had assistance from both Poland and the Ukraine, which is further affirmed in today’s DOJ-OPA release:
…Oct. 8, Vasinskyi was taken into custody in Poland where he remains held by authorities pending proceedings in connection with his requested extradition to the United States, pursuant to the extradition treaty between the United States and the Republic of Poland. In parallel with the arrest, interviews and searches were carried out in multiple countries, and would not have been possible without the rapid response of the National Police of Ukraine and the Prosecutor Governor's Office of Ukraine.
…Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya. In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to “endpoints” on Kaseya customer networks. After the remote access to Kaseya endpoints was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software.
…defendants allegedly left electronic notes in the form of a text file on the victims’ computers. The notes included a web address leading to an open-source privacy network known as Tor, as well as the link to a publicly accessible website address the victims could visit to recover their files.
Upon visiting either website, victims were given a ransom demand and provided a virtual currency address to use to pay the ransom. If a victim paid the ransom amount, the defendants provided the decryption key, and the victims then were able to access their files. If a victim did not pay the ransom, the defendants typically posted the victims’ stolen data or claimed they sold the stolen data to third parties, and victims were unable to access their files.
So the takeaway here is if you think the Biden Administration isn’t doing anything as it relates to cyber crimes - I regret to inform you that you’re wrong and uninformed and are likely amplifying the Blue-QANON and frankly unAmerican narrative that Biden is soft on cyber crime. But by all means - sure sweetie, you keep tweeting your bullshit Blue QANON & dragging Attorney General Garland and countless FBI agents.
After all, the only motivation for you & your ilk is to stay relevant, and clearly that goal far supersedes being factual or accurate. How you continue to whip up your followers into an unhinged frenzy of “take down the USIC writ large” or besmirching Attorney General Garland at every chance you get is entirely lost on me. For the record, your conduct doesn’t make you relevant or important; it makes you an egotistical megalomaniac who thrives on creating division and grifting. Also it makes you an unAmerican Tw_twaffle -who likely hasn’t voted in years…
- XO Filey
[1] See November 5, 2021 Motion to Unseal filed by USA: https://ecf.txnd.uscourts.gov/doc1/177014686742 - or simply pull down from my Scribd Link/Account
[2] See November 5, 2021 Motion to Unseal filed by USA as to Defendant Vasinskyi: https://ecf.txnd.uscourts.gov/doc1/177014686354 or see Scribd
I was glad to see this indictment today, but I think there is a growing frustration that Trump’s cabal are doing what they always do to delay and further defraud the electorate with lies. It just seems weird to me that we didn’t hear of massive turnover of Trump appointees having left DOJ, or FBI for that matter. He installed loyalists, and it just seems that by not holding Bannon in contempt it’s just a road map for the rest to take… aka Jeffrey Clark who simply refused to honor his oath to the constitution and just refused to answer questions. Where is HIS criminal referral? Are there joint defense agreements already in place? Why not pursue obstruction charges from the Mueller Report? Is the idea they can usher in a second term and Trump would just pardon them all then? Kind of a pretty good incentive to continue once you slid so far - including McCarthy and the rest. Anyway… I’m not blue whatever. I’m thinking Garland is a judge not a prosecutor… and it would be good if he showed more commitment to holding people accountable. I mean, they sure did love talking about investigations into Clintons - in fact, Durham is STILL doing that. And then you read that Wargames doc bulwark reported on today and I think… how were they so confident to assume the cops would so eagerly fall in line with a coup?