REvil ransomware arrests: U.S. seeks extradition of Ukrainian, 2 others busted in international cyberattacks

  • U.S. authorities are seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, suspected of collecting millions of dollars in ransom after using REvil ransomware to attack about 2,500 targets.
  • Romanian authorities have arrested two people suspected of cyberattacks worldwide that used the REvil ransomware, the European law enforcement agency Europol announced.
  • The duo are suspected of causing 5,000 infections with the ransomware, pocketing half a million euros in ransom payments, according to Europol.
  • The Russia-linked REvil Group, also known as Sodinokibi, on July 2 launched an international ransomware attack.
  • About a month before that, the group attacked the world's largest meatpacking company JBS, leading the firm to shut down operations, disrupting meat production in North America and Australia.

U.S. authorities are seeking the extradition of a Ukrainian man suspected of collecting $2.3 million in ransom after using REvil ransomware to attack about 2,500 targets, NBC News reported Monday.

Earlier Monday, the European law enforcement agency Europol announced that Romanian authorities have arrested two other people suspected of cyberattacks in 17 countries that used the REvil ransomware to lock affected computers.

The duo, who were not identified, are suspected of causing 5,000 infections with the ransomware, pocketing half a million euros in ransom payments, according to Europol, which said the arrests were made Thursday.

The man being sought by U.S. prosecutors, 22-year-old Yaroslav Vasinskyi, was arrested last month at the request of the U.S. government as he tried to enter Poland from Ukraine, NBC reported.

The U.S. Justice Department said Vasinskyi was behind an early July attack against the Miami-based software company Kaseya. That attack in turn affected at least 1,500 businesses in the U.S. and other countries by spreading through Kaseya software.

In that attack, the targets were told to pay a total of $70 million to have their computers unlocked.

The U.S. Justice Department is scheduled to hold a press conference later Monday "to make announcements on a significant law enforcement matter," according to an alert from the department, which did not otherwise identify the nature of the case.

The Russia-linked REvil Group, which is also known as Sodinokibi, on July 2 launched an international ransomware attack.

About a month before that, the group attacked the world's largest meatpacking company JBS, leading the firm to shut down operations, disrupting meat production in North America and Australia.

In mid-July, so-called dark web sites affiliated with REvil were shut down. American authorities refused to say whether the U.S. had taken action against the sites.

But a National Security Council official days before had told reporters that U.S. authorities expected to take action against ransomware groups soon.

"We're not going to telegraph what those actions will be precisely," that official said. "Some of them will be manifest and visible, some of them may not be. But we expect them to take place in the days and weeks ahead."

Europol on Monday noted that since February, authorities have arrested three other affiliates of REvil.
