The United States Justice Department today announced that it has arrested Ukrainian Yaroslav Vasinskyi for his involvement with REvil, a group that executed ransomware attacks against businesses and government entities in the United States.
REvil in April targeted Apple supplier Quanta Computer and stole schematics of the design of the 14 and 16-inch MacBook Pro models that were later released in October. The schematics unveiled MacBook Pro features like additional ports and the design of the notch, and REvil extorted Apple by threatening to release additional documents if the Cupertino company didn't pay a $50 million fee.
The ransom situation fizzled out just days after REvil made its demand, and the group mysteriously removed all documents and extortion threats related to Apple from its website.
REvil continued on with its illicit activities and in May, was responsible for a cyberattack on the Colonial Pipeline that caused gas shortages on the East Coast of the United States. In July, REvil took advantage of a vulnerability in management software designed for Kaseya, targeting between 800 and 1,500 businesses worldwide.
The DoJ says that Vasinskyi was involved in the Kaseya attack, and it's not clear if he was also part of the attack on Apple supplier Quanta Computer. He was arrested in Poland and is awaiting extradition to the United States.
Along with Vasinskyi's arrest, the Department of Justice has seized $6.1 million received by Yevgeniy Polyanin, who was also involved with REvil and was responsible for attacks against multiple victims. Two other arrests have been made in Romania, but details have not been shared.
"The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners," said FBI Director Christopher Wray. "The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be."
Both Vasinskyi and Polyanin have been charged with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. Vasinskyi is facing a maximum of 115 years in prison if convicted, while Polyanin could be facing up to 145 years. Though Vasinskyi is in custody, Polyanin has not been arrested and is believed to be abroad.
The U.S. government has been working with allies in other countries to put a stop to REvil. In October, Reuters reported that multiple government agencies teamed up to hack REvil and take its "Happy Blog" website used to leak stolen documents offline.
