{
	"id": "788f2080-54b2-4bcd-b106-1286f5c5397d",
	"created_at": "2026-04-23T02:54:57.780969Z",
	"updated_at": "2026-04-25T02:18:31.20229Z",
	"deleted_at": null,
	"sha1_hash": "3e669b5dc986b6f8d431ae3713feea5822cb6682",
	"title": "Ukrainian Arrested and Charged with Ransomware Attack on Kaseya",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50970,
	"plain_text": "Ukrainian Arrested and Charged with Ransomware Attack on\r\nKaseya\r\nPublished: 2021-11-08 · Archived: 2026-04-23 02:42:11 UTC\r\nThe Justice Department announced today recent actions taken against two foreign nationals charged with\r\ndeploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.\r\nAn indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware\r\nattacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information\r\ntechnology software company.\r\nThe department also announced today the seizure of $6.1 million in funds traceable to alleged ransom payments\r\nreceived by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil\r\nransomware attacks against multiple victims, including businesses and government entities in Texas on or about\r\nAug. 16, 2019.\r\nAccording to the indictments, Vasinskyi and Polyanin accessed the internal computer networks of several victim\r\ncompanies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies.\r\n“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our\r\nnational security,” said Attorney General Garland. “Our message today is clear. The United States, together with\r\nour allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to\r\njustice, and to recover the funds they have stolen from their victims.”\r\n“Our message to ransomware criminals is clear: If you target victims here, we will target you,” said Deputy\r\nAttorney General Monaco. “The Sodinokibi/REvil ransomware group attacks companies and critical\r\ninfrastructures around the world, and today’s announcements showed how we will fight back.  
In another success\r\nfor the department’s recently launched Ransomware and Digital Extortion Task Force, criminals now know we\r\nwill take away your profits, your ability to travel, and – ultimately – your freedom. Together with our partners at\r\nhome and abroad, the Department will continue to dismantle ransomware groups and disrupt the cybercriminal\r\necosystem that allows ransomware to exist and to threaten all of us.”\r\n“The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets,\r\nand the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with\r\nour international, U.S. government and especially our private sector partners,” said FBI Director Christopher\r\nWray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil.\r\nRansomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We\r\nwill continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the\r\nworld those might be.”\r\n“Ransomware can cripple a business in a matter of minutes. These two defendants deployed some of the internet’s\r\nmost virulent code, authored by REvil, to hijack victim computers,” said Acting U.S. Attorney Chad E. Meacham\r\nhttps://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya\r\nPage 1 of 4\n\nfor the Northern District of Texas. “In a matter of months, the Justice Department identified the perpetrators,\r\neffected an arrest, and seized a significant sum of money. The Department will delve into the darkest corners of\r\nthe internet and the furthest reaches of the globe to track down cyber criminals.”\r\nAccording to court documents, Vasinskyi was allegedly responsible for the July 2 ransomware attack against\r\nKaseya. 
In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil\r\ncode throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to\r\n“endpoints” on Kaseya customer networks. After the remote access to Kaseya endpoints was established, the\r\nransomware was executed on those computers, which resulted in the encryption of data on computers of\r\norganizations around the world that used Kaseya software.\r\nThrough the deployment of Sodinokibi/REvil ransomware, the defendants allegedly left electronic notes in the\r\nform of a text file on the victims’ computers. The notes included a web address leading to an open-source privacy\r\nnetwork known as Tor, as well as the link to a publicly accessible website address the victims could visit to\r\nrecover their files. Upon visiting either website, victims were given a ransom demand and provided a virtual\r\ncurrency address to use to pay the ransom. If a victim paid the ransom amount, the defendants provided the\r\ndecryption key, and the victims then were able to access their files. If a victim did not pay the ransom, the\r\ndefendants typically posted the victims’ stolen data or claimed they sold the stolen data to third parties, and\r\nvictims were unable to access their files. \r\nVasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity\r\nin connection with computers, substantive counts of damage to protected computers, and conspiracy to commit\r\nmoney laundering. If convicted of all counts, each faces a maximum penalty of 115 and 145 years in prison,\r\nrespectively.\r\nThe $6.1 million seized from Polyanin is alleged to be traceable to ransomware attacks and money laundering\r\ncommitted by Polyanin through his use of Sodinokibi/REvil ransomware. The seizure warrant was issued out of\r\nthe Northern District of Texas. Polyanin is believed to be abroad.\r\nOn Oct. 
8, Vasinskyi was taken into custody in Poland where he remains held by authorities pending proceedings\r\nin connection with his requested extradition to the United States, pursuant to the extradition treaty between the\r\nUnited States and the Republic of Poland. In parallel with the arrest, interviews and searches were carried out in\r\nmultiple countries, and would not have been possible without the rapid response of the National Police of Ukraine\r\nand the Prosecutor General’s Office of Ukraine.\r\nThe FBI’s Dallas and Jackson Field Offices are leading the investigation. Substantial assistance was provided by\r\nthe Justice Department’s Office of International Affairs and the National Security Division’s Counterintelligence\r\nand Export Control Section.\r\nAssistant U.S. Attorney Tiffany H. Eggers of the U.S. Attorney’s Office for the Northern District of Texas and\r\nSenior Counsel Byron M. Jones from the Justice Department’s Computer Crime and Intellectual Property Section\r\nare prosecuting the case.\r\nThe U.S. Attorney’s Office for the Northern District of Texas, the FBI’s Dallas and Jackson Field Offices, and the\r\nCriminal Division’s Computer Crime and Intellectual Property Section conducted the operation in close\r\ncooperation with Europol and Eurojust, who were an integral part of coordination. Investigators and prosecutors\r\nfrom several jurisdictions, including: Romania's National Police and the Directorate for Investigating Organised\r\nCrime and Terrorism; Canada’s Royal Canadian Mounted Police; France’s Court of Paris and BL2C (anti-cybercrime unit police); Dutch National Police; Poland’s National Prosecutor’s Office, Border Guard, Internal\r\nSecurity Agency, and Ministry of Justice; and the governments of Norway and Australia provided valuable\r\nassistance.\r\nThe U.S. 
Department of the Treasury Financial Crimes Enforcement Network (FinCEN), Department of\r\nHomeland Security's Cybersecurity and Infrastructure Security Agency (CISA), Germany’s Public Prosecutor’s\r\nOffice Stuttgart and State Office of Criminal Investigation of Baden-Wuerttemberg; Switzerland’s Public\r\nProsecutor’s Office II of the Canton of Zürich and Cantonal Police Zürich; United Kingdom’s National Crime\r\nAgency; U.S. Secret Service; Texas Department of Information Resources; BitDefender; McAfee; and Microsoft\r\nalso provided significant assistance.\r\nThis case is part of the Department of Justice’s Ransomware and Digital Extortion Task Force, which was created\r\nto combat the growing number of ransomware and digital extortion attacks. As part of the task force, the Criminal\r\nDivision, working with the U.S. Attorneys’ Offices, prioritizes the disruption, investigation, and prosecution of\r\nransomware and digital extortion activity by tracking and dismantling the development and deployment of\r\nmalware, identifying the cybercriminals responsible, and holding those individuals accountable for their crimes.\r\nThe department, through the task force, also strategically targets the ransomware criminal ecosystem as a whole\r\nand collaborates with domestic and foreign government agencies as well as private sector partners to combat this\r\nsignificant criminal threat.\r\nFor more information about the Ransomware and Digital Extortion Task Force, read the Deputy Attorney\r\nGeneral’s recent guidance memo on related investigations and cases. 
For more resources on ransomware\r\nprevention and response, visit StopRansomware.gov.\r\nAn indictment is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a\r\nreasonable doubt in a court of law.\r\nSource: https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya"
	],
	"report_names": [
		"ukrainian-arrested-and-charged-ransomware-attack-kaseya"
	],
	"threat_actors": [],
	"ts_created_at": 1776912897,
	"ts_updated_at": 1777083511,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3e669b5dc986b6f8d431ae3713feea5822cb6682.pdf",
		"text": "https://archive.orkl.eu/3e669b5dc986b6f8d431ae3713feea5822cb6682.txt",
		"img": "https://archive.orkl.eu/3e669b5dc986b6f8d431ae3713feea5822cb6682.jpg"
	}
}