An alleged member of the REvil ransomware gang has been arrested in Poland

The Justice Department has announced the arrest and indictment of an alleged member of the REvil hacking group, linked to ransomware attacks on IT firm Kaseya, an Apple supplier, and more. According to the department, Ukrainian national Yaroslav Vasinskyi is facing extradition to the US after Polish authorities detained him in October and after the US indicted him for cybercrimes in August, as revealed by a now-unsealed court document. The arrest, along with the government seizing assets it says are linked to REvil’s operations, is another step in the fight against ransomware, which has been a growing issue for US-based companies.

The DOJ also says it has seized $6.1 million in assets from the FTX crypto trading exchange, allegedly linked to REvil ransomware. The money belonged to Russian national Yevgeniy Polyanin, who has also been indicted for allegedly working with REvil to attack corporate and government targets. Polyanin was also indicted in August, though CNN and the DOJ report he hasn’t been caught yet.

You can read both indictments below, which detail REvil’s alleged process of breaking into computer networks, gaining control over them, and then stealing companies’ data, locking the rightful owners out by encrypting data and deleting any backups. Companies would, however, be able to gain access back to the data if they paid a ransom — otherwise, their data could be sold or posted to the web. This happened to Apple supplier Quanta, whose documents detailing Apple’s new MacBooks were posted to REvil’s blog well before any official information was released.

The indictments don’t explicitly say what roles Vasinskyi and Polyanin allegedly played in the attacks, only accusing them of being involved and working with other team members to carry out attacks. The Department of Justice says that Vasinskyi and Polyanin could each face over 100 years in prison if convicted on all counts levied against them. Two other people involved with REvil were also arrested. The government is also willing to spend big on catching more alleged members — it’s offering an up to $10 million reward for info that leads to the arrest of REvil leadership and up to $5 million for info about people trying to work for the group.

The arrest and hunt for REvil operators is just part of the government’s work against the ransomware outfit — reports started surfacing in October that the FBI, Secret Service, Cyber Command had taken REvil’s website offline using some of the group’s own tactics against it. The Treasury Department named it in a report as one of the biggest ransomware groups when measuring by payout size.

As ransomware attacks have hit major targets in the US over the past few years, they’ve loomed larger on the US government’s radar — it’s created a ransomware task force and set up a team to investigate crimes relating to cryptocurrencies. President Joe Biden said in a statement that the government is using its “full strength” to “disrupt malicious cyber activity and actors” and that the arrests and financial seizures were part of its efforts to “hold accountable those that threaten our security.” Acting US Attorney Chad E. Meacham said that the Justice Department “will delve into the darkest corners of the internet and the furthest reaches of the globe to track down cyber criminals.”

Unsealed Vasinskyi Indictment:

Unsealed Polyanin Indictment: