In a breakthrough for the President Joe Biden administration’s pursuit of cybercriminals, law enforcement officials seized $6.1 million in ransom payments, and federal prosecutors charged a suspect over a July ransomware attack on American company Kaseya, according to a Department of Justice (DOJ) press release.
The suspect, Yaroslav Vasinskyi, a Ukrainian national, was arrested in Poland last month, the release stated. He and another alleged operative, Russian national Yevgeniy Polyanin, are charged with conspiracy to commit fraud, conspiracy to commit money laundering and other charges.
“The $6.1 million seized from Polyanin is alleged to be traceable to ransomware attacks and money laundering committed by Polyanin through his use of Sodinokibi/REvil ransomware,” the release stated. “… Polyanin is believed to be abroad.”
In a statement issued after the announcement, Biden said, “We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals.”
In late July, after the cyberattack earlier in the month, Kaseya came into possession of a universal key that could decrypt the over-1,000 businesses and public organizations that were affected by the attack.
Read more: Kaseya Receives Universal Key to Help Cyberattack Victims
There were several reasons why the key may have been released. Kaseya could have paid, the government might have done so, victims could have pooled funds, or the Kremlin could have taken the key from the criminals and handed it over via intermediaries.
By late July, many victims had likely rebuilt their networks or restored them from backups.
The Kaseya attack was particularly damaging because it spread through software used by managed service providers, which administer several customer networks’ software updates and security patches.