Ransomware crackdown: US sanctions, arrests, and pressure on REvil
The US Treasury is sanctioning crypto exchanges to choke off the flow of cyber-extortion proceeds, and two REvil affiliates have been named, likely to signal that the gang's impunity is ending.
Walls are closing in on the notorious REvil ransomware gang. Malware operators and their affiliates, known for extortion attacks against meat supplier JBS and software company Kaseya, are facing increased pressure from the US and the international community.
The gang has gone dark twice since July, but that has not shielded its members. Yaroslav Vasinskyi, a 22-year-old Ukrainian national, was identified as one of the culprits behind the attack on Kaseya and is currently awaiting extradition to the US.
Vasinskyi left Ukraine for Poland on October 8 and was arrested by Polish authorities on a US warrant.
US authorities also named a Russian national, Yevgeniy Polyanin, as a Sodinokibi/REvil ransomware associate. The US Office of Foreign Assets Control (OFAC) added a company owned by Polyanin to its sanctions list, effectively cutting it off from the US financial system.
Follow the money
The US Treasury announced that it is targeting crypto exchanges 'for facilitating financial transactions for ransomware actors.' The exchange named this time is Chatex, a virtual currency exchange headquartered in Tallinn, Estonia.
According to the US Treasury, half of Chatex's known transactions 'are directly traced to illicit or high-risk activities such as darknet markets, high-risk exchanges, and ransomware.'
Two related entities, Latvia-based Chatextech SIA and Estonia-based Izibits OU, were also designated for providing material support to Chatex by setting up the infrastructure it needed to operate.
The Treasury noted that the cooperation of Latvian and Estonian authorities allowed the Americans to combat the threat more effectively. Latvia and Estonia are both members of NATO and the EU.
In addition to the sanctions on individuals and companies, the US State Department's Rewards for Justice program offered a bounty for information on REvil members: up to $10 million for information leading to the identification or location of Sodinokibi/REvil leadership.
Another reward of up to $5 million is offered for information leading to the arrest of any individual attempting to participate in a Sodinokibi variant ransomware incident.
In essence, the US has announced a manhunt for REvil and its affiliates. Days earlier, it offered a $10 million reward for information on the DarkSide ransomware gang, responsible for the Colonial Pipeline attack.
That is hardly surprising: ransomware-related payments reported to US financial regulators reached $590 million in the first half of 2021 alone, against $416 million for the whole of 2020.
Cyberattacks are increasing in scale, sophistication, and scope. The last 12 months were rife with high-profile incidents, including the SolarWinds hack and the attacks on Colonial Pipeline, meat processing company JBS, and software firm Kaseya.
Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.
The prevalence of ransomware has pushed governments into multilateral action against the threat. A combined effort likely helped force the infamous REvil and BlackMatter operations offline and led to the arrest of members of the Cl0p ransomware gang.
Gangs, however, either rebrand or form new groups. Most recently, LockBit 2.0 was the most active ransomware group, with a list of 203 victims in Q3 of 2021 alone.
The average data breach now costs victims $4.24 million per incident, the highest figure in 17 years of tracking. Last year the average stood at $3.86 million, so this is roughly a 10% increase.
Reports show that criminals were taking advantage of the uncertainty caused by the pandemic and the flood of new users to digital channels, who were especially susceptible to attack.