Date: 2021-11-10
Justice Dept. Brings New Charges in Ransomware Attacks
The Justice Department said Monday it has indicted a Russian national accused of carrying out ransomware attacks on US government agencies and businesses, including the meat supply company JBS, which has been temporarily shut down.
In the Biden administration’s latest crackdown on cybercrime, the Justice Department also announced that it had seized $6.1 million in ransom paid to a Russian man, Yevgeny Palinin, 28, who was accused of deploying ransomware known as REvil against business and government offices in Texas in 2019, according to court documents.
Mr Palinin, who is believed to be abroad, has not been detained by US authorities and the possibility of a trial in the United States remains unclear.
The department on Monday also released a separate indictment accusing a Ukrainian citizen, Yaroslav Vasinsky, 22, of several ransomware attacks, including a July 2021 attack on a technology company, Kaseya. The attack on Kaseya, which manages Internet technology infrastructure for other companies, allowed hackers to infect the systems of hundreds of Kaseya’s customers, including Swedish pharmacy and grocery chains.
Mr Vasinsky was arrested by Polish authorities last month after he had traveled to the country, and the Justice Department is seeking his extradition to the US for trial.
“The United States, along with our allies, will do everything in its power to identify the perpetrators of ransomware attacks, bring them to justice, and recover funds stolen from their victims,” Attorney General Merrick B. Garland said in a statement.
The arrest is part of a consistent, coordinated, global effort to combat ransomware. Authorities in Ukraine, Romania, Kuwait and South Korea have arrested cybercriminals known as “ransomware services” in recent weeks.
“We are fully committed to the federal government to take advantage of the international cooperation to prevent malicious cyber activities and artists, to increase the flexibility of the home, to prevent the misuse of virtual currency to launder ransom payments, and to disrupt the ransomware ecosystem and address safe havens for ransomware criminals,” President Biden said in a statement Monday.
In a ransomware attack, hackers break into a company’s or agency’s computer network, encrypt data, and then demand a ransom to decrypt it.
In recent years, ransomware groups have used a double ransom scheme in which they not only hold data hostage but also threaten to leak it online. Some groups have begun providing their ransomware code, portals, payment platforms, and messaging infrastructure to others to carry out attacks, as with REvil, which is provided by a hacker group of the same name and was used in the Texas case.
Last month, the Biden administration convened a two-day conference with 30 other countries to form a coalition dedicated to disrupting the global ransomware ecosystem.
Cybersecurity experts say most ransomware developers are in Russia, where they have widespread immunity because Russia does not arrest or extradite them. (Russia was not specifically invited to the Biden administration summit.) That has limited the options for law enforcement in the United States, Europe, and other countries.
But in recent months, US officials have changed their stance. Last week, the State Department announced a $10 million bounty for anyone who provides information about the leaders of DarkSide, a ransomware extortion group, following the May hack of Colonial Pipeline.
Mr Biden said on Monday that when he met with Russian President Vladimir Putin in June, he made it clear that the United States would “take action to hold cybercriminals accountable.”
U.S. officials have also begun to seize ransom paid to cybercriminals, as they did last Monday in the case of DarkSide and Mr. Palinin.
“The message is: ‘You may think we can’t arrest you because you live in Russia, but there are many ways we can reach you,’” said Alan Liska of Recorded Future, a cybersecurity firm. “This kind of sustainable, cooperative law enforcement operation is making ransomware attacks more expensive, and it’s scaring them.”
Over the past few weeks, members of REvil and DarkSide have gone dark, signing off from cybercriminal forums on the dark web. “They’re signing off and stopping,” Mr Liska said. “We’re used to seeing these groups come back in different formats, but I’m not sure we’ll see REvil and DarkSide again.”
Asked at a news conference whether the Russian government had pardoned ransomware offenders or cooperated with Mr Palinin’s arrest, Mr Garland said he could not comment as the investigation was ongoing.
“We expect and hope that the government in which one of these actors resides will do everything possible to provide us with a way to prosecute that person,” he said.
Last week, the Justice Department discovered a Russian cybercriminal who was hiding in South Korea, and the department worked with other governments to bring the accused to a U.S. courtroom, Deputy Attorney General Lisa O. Monaco told a news conference announcing the allegations.
The enforcement actions taken last week and Monday show that “we will use all means and partners to catch the responsible bad actors,” Ms. Monaco said.
The Justice Department has said it will continue to step up the fight against cybercrime, which it considers a serious financial and national security threat. In an interview with the Associated Press last week, Ms. Monaco said more arrests and seizures of ransom payments are imminent.
But while cybersecurity experts praised the latest moves against REvil and its affiliates on Monday, other ransomware gangs continued to attack US cities, counties and even police departments.
After the Justice Department released its latest charges Monday, a ransomware gang called Pysa – the subject of an FBI warning last year – began leaking data on more than 50 new victims. Among them were Bridgeport City, W.W., and a school in Omaha. Another ransomware group called Griff hit the police station in Fulton, NY.
The latest targets did not immediately respond to requests for comment.