The U.S. Justice Department has charged a Russian and a Ukrainian for their role in a July ransomware attack on the Florida-based software firm Kaseya that impacted up to 1,500 businesses around the world.
Attorney General Merrick Garland said on November 8 that the United States also seized $6.1 million of illicit proceeds from Russian ransomware hacker Yevgeny Polyanin, who remains at large.
The other suspected ransomware attacker, Ukrainian Yaroslav Vasinskiy, was arrested in Poland last month, and the United States has requested his extradition.
Vasinskiy will face U.S. charges for using the ransomware REvil, also known as Sodinokibi, which has been used in a series of attacks on U.S. and international businesses, governments, and other institutions.
The Treasury Department also said the two men faced sanctions for their role in ransomware attacks, as well as the virtual currency exchange Chatex.
"Unprincipled virtual currency exchanges like Chatex are critical to the profitability of ransomware activities, especially by laundering and cashing out the proceeds for criminals," the Treasury said.
In a coordinated action, the State Department also announced a reward of up to $10 million for information leading to the identification or location of anybody holding a leadership position in the Sodinokibi/REvil ransomware crime group.
The State Department also offered a reward of up to $5 million for information leading to the arrest and conviction in any country of any individual participating in Sodinokibi/REvil ransomware attacks.
REvil, a group of Russian-speaking hackers, has been blamed for a series of high-profile ransomware attacks, in which hackers encrypt victims’ data and then demand cryptocurrency to regain access.
Ransomware has become a top priority for governments as the number and severity of cases has surged in recent years, impacting a wide array of industries from retail and food to health care and critical infrastructure.
According to the U.S. Treasury, ransomware payments in the United States so far have reached $590 million in the first half of 2021, compared to a total of $416 million in 2020.
Earlier on November 8, the European police agency said Romanian police arrested two individuals last week as part of a global crackdown on cybercriminals behind ransomware attacks.
The two were arrested last week on suspicion of deploying cyberattacks using ransomware from REvil, which is viewed as the successor of GandCrab malware, Europol said in a statement on November 8.
Police agencies from 17 countries with the support of Europol and the international police body Interpol were involved in the monthslong operation dubbed "GoldDust.”
The European police agency said that in recent months three other affiliates of REvil/Sodinokibi and two suspects connected to GandCrab were also arrested in the global sting on cybercriminals.
The three people were arrested in South Korea, Europe, and Kuwait.
The two arrested in Romania alone were responsible for around 5,000 infections, which pocketed around 500,000 euros ($580,000), Europol said.
"All these arrests follow the joint international law enforcement efforts of identification, wiretapping, and seizure of some of the infrastructure used by Sodinokibi/REvil ransomware family," Europol said.
Questions about the fate of the group emerged in July, when webpages linked to REvil disappeared from the dark web, sparking speculation about whether the move was the result of a government-led action.
With reporting by Reuters