U.S. hits REvil ransomware group linked to attack on JBS
The Justice Department is seeking extradition of a Ukranian man on ransomware charges and has seized $6.1 million in alleged ransom payments from a Russian man, said Attorney General Merrick Garland on Monday. Both men were part of the REvil cybercriminal gang linked to an attack that shut down JBS cattle slaughter plants in the United States, Canada and Australia in early summer.
Yaroslav Vasinskyi, of Ukraine, and Yevgeniy Polyanan, of Russia, were accused of other attacks but FBI director Christopher Wray listed JBS among victims of “this ransonware strain” that has hit businesses worldwide. JBS USA chief executive Andre Nogueira said the company paid $11 million to prevent future attacks. REvil is among cyber gangs believed to operate from Russia.
“When I met with (Russian) President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable. That’s what we have done today,” said President Biden in a statement following the Justice Department announcement.
Vasinskyi, 22, was indicted on charges of fraud, money laundering, and damage to a protected computer for the ransomware attack on software company Kaseya and several other businesses in July. He was arrested in Poland on Oct 8. Vasinskyi and other conspirators authored the REvil software, used it to seize control of computer systems of targeted companies, and demanded payment in exchange for freeing the systems, according to the U.S. indictment.
A federal court in Texas issued an order to seize money held in Polyanin’s account in FTX Trading Limited following his indictment on charges of money laundering and damage to a protected computer for an attack on businesses and government entities in Texas in August.
Two other “Sodinokibi/REvil actors” were arrested in Romania, said Wray. He said the seizure of money from Polyanin showed “the long arm of the law reaches a lot further than they think.”
If convicted on all counts, Vasinskyi and Polyanin would each face sentences of more than 100 years in prison.
“Cybercrime is a serious threat to our country,” said Garland. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”
Police and judicial officials in Romania, Canada, France, the Netherlands, Poland, Norway, Australia, Germany, Switzerland, and Britain took part in the investigation, said the Justice Department.
JBS said all of its plants were fully operational four days after the cyber attack during the Memorial Day weekend. JBS, with headquarters in Brazil, is the world’s largest meat processor. JBS USA accounts for nearly a quarter of U.S. beef production.
In September, Russian hackers in a ransomware attack asked for $5.9 million to unlock the computer system of NEW Cooperative, a grain handler in northern Iowa.
To watch a C-SPAN video of the Justice Department announcement, click here.