- President Joe Biden said law enforcement cases targeting the REvil ransomware gang had made good on a warning he gave months ago to Russian President Vladimir Putin that the U.S. "would hold cybercriminals accountable."
- U.S. authorities are seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, suspected of collecting millions of dollars in ransom after using REvil ransomware to attack about 2,500 targets.
- The Russia-linked REvil Group, also known as Sodinokibi, on July 2 launched an international ransomware attack.
President Joe Biden on Monday said new law enforcement cases targeting the REvil ransomware gang had made good on a warning he gave months ago to Russian President Vladimir Putin that the U.S. "would hold cybercriminals accountable."
Biden's comment came hours after the Department of Justice said it had seized more than $6 million in ransom payments linked to attacks by the Russia-linked REvil gang, and had filed criminal charges against two men suspected of orchestrating cyberattacks using that ransomware program
U.S. Attorney General Merrick Garland at a press conference said federal prosecutors are seeking the extradition of one of those men, Ukraine national Yaroslav Vasinskyi, who was arrested last month at the request of the U.S. government as he tried to enter Poland from Ukraine.
Garland said that the 22-year-old said was behind an early July attack against Miami-based software company, Kaseya. That attack in turn affected at least 1,500 businesses in the U.S. and other countries by spreading through Kaseya software.
In that attack, the targets were told to pay a total of $70 million to have their computers unlocked.
Vasinskyi allegedly collected $2.3 million in ransom.
The other defendant, Russian national Yevgeniy Polyanin, 28 has been charged with conducting REvil ransomware attacks against victims who included businesses and government entities in Texas in August 2019. Authorities said $6.1 million in funds linked to Polyanin's attacks had been seized.
Vasinskyi and Polyanin, who is believed to be abroad, are charged in separate indictments with conspiracy to commit fraud, computer crimes and conspiracy to commit money laundering.
Biden, in a statement, called cyber threats "a concern for every American, every business regardless of size, and every community."
"When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable," Biden said.
"That's what we have done today."
Biden during a phone call with Putin in July said the U.S. "will take any necessary action to defend its people and its critical infrastructure," according to the White House.
Earlier Monday, the European law enforcement agency Europol announced that Romanian authorities have arrested two other people suspected of cyberattacks in 17 countries that used the REvil ransomware to lock affected computers.
The duo, who were not identified, are suspected of causing 5,000 infections with the ransomware, pocketing a half a million euros in ransom payments, according to Europol, which said the arrests were made Thursday.
REvil Group, which also known as Sodinokibi, on July 2 launched an international ransomware attack.
About a month before that, the group attacked the world's largest meatpacking company JBS, leading the firm to shut down operations, disrupting meat production in North America and Australia.
In mid-July, so-called dark web sites affiliated with REvil were shut down. American authorities refused to say whether the U.S. had taken action against the sites.
But a National Security Council official days before had told reporters that U.S. authorities expected to take action against ransomware groups soon.
"We're not going to telegraph what those actions will be precisely," that official said. "Some of them will be manifest and visible, some of them may not be. But we expect them to take place in the days and weeks ahead."
Europol on Monday noted that since February, authorities have arrested three other affiliates of REvil.