Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Justice Department Scores: REvil Principal Arrested, $6 Million Seized, Bounties Offered

November 10, 2021

On November 8, KrebsOnSecurity reported on a story that made headlines everywhere. The U.S. Department of Justice announced the arrest of a Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal gang that has extorted hundreds of millions from victims.

The DOJ also said it had seized $6.1 million in cryptocurrency from another REvil affiliate, and that the U.S. Department of State is offering up to $10 million for the name or location of any key REvil leaders, and up to $5 million for information about REvil affiliates.

Could you really stand a chance at getting a piece of the action? Maybe. These bad actors haven’t done much to separate their cybercriminal identities from their real-life identities.

Yaroslav Vasinskyi, the 22-year-old Ukrainian national accused of being REvil Affiliate #22, was arrested October 8 in Poland, which has an extradition treaty with the United States. Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya, a Miami-based company whose products assist system administrators in managing large networks remotely.

Yaroslav Vasinskyi’s Vkontakte profile reads “If they tell you nasty things about me, believe every word.”

Cheeky, yes?

The DOJ also said it had seized $6.1 million traceable to alleged ransom payments transferred to Yevgeniy Igorevich Polyanin, the 28-year-old Russian national who is alleged to be REvil Affiliate #23 and who is thought to be involved in REvil ransomware attacks on a number of U.S. victims.

Krebs explains that “it’s possible in many cases to make that connection thanks to two factors. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too). The other is that cybercriminal forums, services, etc. get hacked just about as much as everyone else on the Internet, and when they do their user databases can reveal some very valuable secrets and connections.”

Finally, the U.S. Department of State announced it was offering a reward of up to $10 million for information leading to the identification or location of any individual having a key leadership position in the REvil ransomware group. The department is also offering a reward of up to $5 million for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a REvil ransomware incident.

Like Krebs, I like the bounty offers and hope they are extended to other ransomware gangs.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology