The U.S. Department of Justice on Monday unsealed charges against two foreign nationals alleged to be part of the notorious REvil ransomware group that targeted Apple supplier Quanta earlier this year.
Ukrainian national Yaroslav Vasinskyi, 22, was taken into custody in Poland on Oct. 8 and is awaiting extradition proceedings to the U.S. in connection with multiple ransomware attacks, including the hack of IT management firm Kaseya in July.
According to information released by the Justice Department, Vasinskyi allegedly used a Kaseya product to deploy malicious Sodinokibi/REvil code to customers on the company's sprawling network. Similar to other REvil group operations, companies affected in the Kaseya incident found their local data encrypted with no means to regain access without first paying a ransom. The extortion rate was initially set at $70 million for a universal decryptor capable of unlocking systems and terminals tied to the breach.
As noted by Engadget, which reported on the indictments today, some 1,500 businesses were impacted in the attack.
In addition to Vasinskyi, the DOJ seized $6.1 million in funds that can be traced back to ransom payments received by Yevgeniy Polyanin, 28, a Russian national tied to the REvil outfit. Polyanin is at large and believed to be residing abroad.
Both Vasinskyi and Polyanin are charged with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers and conspiracy to commit money laundering, the DOJ said. If convicted of all counts, the alleged REvil members face jail time of 115 and 145 years, respectively.
"The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, U.S. government and especially our private sector partners," said FBI Director Christopher Wray. "The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be."
While not mentioned in today's release, REvil was linked to the April hack of Apple supplier Quanta. The group threatened to release "confidential drawings" of future Apple Watch, MacBook Air and MacBook Pro models if a $50 million ransom wasn't paid. To validate the hack, REvil leaked a handful of schematics claiming to show purported next-generation MacBook Air and MacBook Pro models, the latter of which proved to be accurate.
In October, it was reported that the FBI, U.S. Cyber Command, and the Secret Service partnered with unnamed foreign allies to hack REvil's infrastructure, effectively taking the group offline.