U.S. Charges Ukrainian and Russian for Kaseya Cyberattack


The U.S. Justice Department has charged two persons, a Ukrainian and a Russian national, for their role in the Kaseya ransomware attack. The Department has also seized $6 million worth of ransom payments and has filed charges in the U.S. District Court for the Northern District of Texas.

The attack, which took place in July this year, infected Kaseya’s software tools with REvil ransomware. Consequently, the hack affected many of Kaseya’s customers.

Overall, the ransomware attack impacted approximately 1,500 businesses, with some of the victims paying ransoms to the hackers. According to the U.S. Treasury’s estimates, the ransom payments exceed $200 million. Read on to learn more about the suspects and the charges they face.

Information on the Suspects and the Charges

The two individuals charged by the U.S. Justice Department are Yaroslav Vasinskyi, a Ukrainian national, and Yevgeniy Polyanin, a Russian national. Both Vasinskyi and Polyanin are suspected REvil operatives.

Vasinskyi was arrested in Poland last month and is expected to be extradited to the U.S. shortly. Polyanin remains at large.

The accused will face charges in the U.S. for deploying the REvil ransomware. They are also charged with other crimes, such as conspiracy to commit fraud and conspiracy to commit money laundering.

The indictment against Vasinskyi stated that he and other conspirators “started deploying hacking software around April 2019 and ‘regularly’ updated and refined it.”

Latvian and Estonian government agencies contributed to the investigation, according to the U.S. Treasury Department.

Details on the Kaseya Ransomware Attack

According to the U.S. Department of the Treasury, Vasinskyi was behind the July 2021 ransomware activity against Kaseya. The Treasury added that the attack caused “significant disruptions to the computer networks of Kaseya’s customer base.”

The hackers spread the ransomware by corrupting one of Kaseya’s popular software tools. Thereafter, the REvil ransomware infected many of Kaseya’s customers.

The ransomware encrypts the files on every infected network, so the data cannot be accessed without a decryption key. A few weeks after the attack, authorities managed to recover and distribute a master decryption key. However, some of the infected businesses had already paid a ransom in the interim.

Governments around the world have been trying for years to stop ransomware gangs such as REvil. The Kaseya incident turned out to be the beginning of the end for REvil: shortly after the incident, several U.S. federal agencies worked together to take down the ransomware gang.

If you’re interested in learning more about ransomware, check out our detailed resource here.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.