The Department of Justice promises a whole-of-government approach to fighting ransomware groups no matter which country they operate from.

It didn’t take long for the White House’s ransomware initiative to bear fruit, as evidenced by the successful international law enforcement efforts targeting members of the Sodinokibi/REvil criminal enterprise. The Department of Justice (DoJ) unsealed two grand jury indictments on November 8, 2021, against individuals associated with the group, Yaroslav Vasinskyi and Yevgeniy Polyanin, both associated with Sodinokibi/REvil ransomware.

US Attorney General Merrick Garland, accompanied by Deputy US Attorney General Lisa Monaco, FBI Director Christopher Wray, and Deputy Secretary of the US Treasury Wally Adeyemo, shared the news of the arrest of Vasinskyi by Polish authorities at the request of the United States. A DoJ press release highlighted the efforts of the Ransomware and Digital Extortion Task Force as key. In addition, teams from within the private sector played a substantive role, including those from Microsoft, McAfee and BitDefender.

Additionally, Polyanin, a Russian national still at large, saw $6,123,652.21 disappear from his FTX Trading Limited account on September 10, 2021, pursuant to a “seize property” warrant issued by Judge Rebecca Rutherford of the US District Court, North District of Texas. Vasinskyi was lured to Poland from Ukraine and arrested in Poland on October 8, 2021. He remains in custody and is now facing extradition to the US in accordance with the extradition treaty between the two countries. On November 4, 2021, two individuals (not yet identified) were arrested in Romania for their role in the REvil enterprise.

“The arrest of Yaroslav Vasinskyi [October 5 in Poland], the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government and especially our private sector partners,” said FBI Director Christopher Wray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”

When asked what pretext was used to lure Vasinskyi to Poland, Wray wryly noted how individuals travel for many reasons and that “we” were glad Vasinskyi chose to travel from Ukraine to Poland. On the assistance being provided by Russia, Garland declined to comment on ongoing law enforcement efforts, yet still managed to signal expectations to Russia, noting that the United States expects any country in which a criminal is present to assist the United States with the arrest and with bringing the individual to justice to answer for their alleged crimes.

Kaseya praised for engaging FBI early

Of particular import to CISOs were Wray’s laudatory comments on how the victim, Kaseya, handled the REvil ransomware attack when it was attacked on July 2. He applauded Kaseya for having engaged with law enforcement early, which allowed Kaseya and its customers to benefit from an all-government response to “put out the fire.” He also noted how these efforts resulted in the FBI being able to create a decryption key to unlock Kaseya’s customers’ data.
This served to answer the question asked in late September 2021 as to why the FBI held back REvil ransomware keys and with which international partners the FBI was engaged in the coordinated law enforcement action.

Treasury Department issues advisories on virtual currency exchanges supporting criminal activity

Adeyemo described Treasury’s role in the “whole-of-government effort” against ransomware operators and the virtual currency exchanges which support the cyber criminals as including disruption to digital ecosystems. He also advised that Treasury was issuing a FinCEN Updates Ransomware Advisory, which designates the virtual currency exchange Chatex as being a part of the criminal support effort of the ransomware criminals. In addition to Chatex, Izibits OU, Chatextech SIA and Hightrade Finance Ltd were also designated for providing material support to Chatex’s criminal activity. The advisory notes that Latvia has suspended the operations of Chatextech. Estonia has revoked the license of Izibits OU.

Rewards offered for arrest of DarkSide members

Meanwhile, the State Department has made available a $10 million reward for information leading to the identification or location of any individual holding a key leadership position within the DarkSide ransomware organization and an additional $5 million for information leading to the arrest or conviction in any country of an individual participating in DarkSide ransomware. It is worth noting that the Department’s Transnational Organized Crime Rewards Program has paid out over $135 million in rewards.

In closing, Garland called upon Congress to create a cyber reporting standard for industry to assist law enforcement in their efforts to thwart cybercrime. He, as did Monaco and Wray, emphasized the role to be played by the private sector in the fight against cybercrime. It was repeatedly emphasized that early engagement with government by CISOs results in making available the resources of the “all-of-government” approach.