According to a statement published on the US Federal Bureau of Investigation’s (FBI) website on Monday, Russian national Yevgeniy Polyanin has been put on its wanted list on charges of cybercrimes as one of many Sodinokibi/REvil ransomware affiliates.
According to the FBI’s statement, Polyanin is wanted for his alleged involvement in money laundering activities and ransomware attacks. On top of the charges, the DoJ also announced the seizure of $6.1 million in funds amassed from ransom payments received by Polyanin, who is believed to be in Russia.
It also confirmed the announcement issued previously by the US Treasury Department on the arrest of another Sodinokibi/REvil ransomware affiliate, Yaroslav Vasinskyi, in Poland in October.
According to the department, Polyanin and Vasinskyi were part of the cybercriminal group REvil – also known as Sodinokibi – that has collected more than $200 million in ransom payments paid in Bitcoin and Monero by engaging in ransomware activities.
The FBI’s statement explains that Polyanin used and deployed Sodinokibi and REvil ransomware and left electronic notes on victims’ computers; the notes included web addresses for the victims to visit to have their files decrypted.
Victims who paid the ransom were provided with a decryption key by Polyanin to access their files, while for those who did not pay, Polyanin posted their exfiltrated data or claimed to have sold it to third parties.
Victims paid the demanded ransom in the virtual currency they were provided with.
Vasinskyi now faces 11 charges filed against him by the US Department of Justice for deploying Sodinokibi/REvil ransomware with the aim of extorting ten US companies, which the document does not name.
This case refers in particular to the July hacking attack on the Kaseya software company, which infected the computers of over 1,500 businesses around the world, with the hackers demanding a ransom of $70 million.
Meanwhile, the US imposed sanctions against Polyanin and Vasinskyi for their part in Sodinokibi/REvil ransomware incidents against US companies and illegal manipulation of cryptocurrencies.