The Department of Justice promises a whole-of-government approach to fighting ransomware groups no matter which country they operate from.

It didn't take long for the White House's ransomware initiative to bear fruit, as evidenced by the successful international law enforcement efforts targeting members of the Sodinokibi/REvil criminal enterprise. The Department of Justice (DoJ) unsealed two grand jury indictments on November 8, 2021, against individuals associated with the group, Yaroslav Vasinskyi and Yevgeniy Polyanin, both charged in connection with Sodinokibi/REvil ransomware attacks.

US Attorney General Merrick Garland, accompanied by Deputy US Attorney General Lisa Monaco, FBI Director Christopher Wray, and Deputy Secretary of the US Treasury Wally Adeyemo, shared the news of the arrest of Vasinskyi by Polish authorities at the request of the United States. A DoJ press release highlighted the efforts of the Ransomware and Digital Extortion Task Force as key. In addition, teams from the private sector, including those from Microsoft, McAfee and Bitdefender, played a substantive role.

Additionally, Polyanin, a Russian national still at large, saw $6,123,652.21 seized from his FTX Trading Limited account on September 10, 2021, pursuant to a "seize property" warrant issued by Judge Rebecca Rutherford of the US District Court for the Northern District of Texas.

Vasinskyi was lured from Ukraine to Poland and arrested there on October 8, 2021. He remains in custody and is now facing extradition to the US under the extradition treaty between the two countries. On November 4, 2021, two individuals (not yet identified) were arrested in Romania for their role in the REvil enterprise.
“The arrest of Yaroslav Vasinskyi [October 5 in Poland], the charges against Yevgeniy Polyanin and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government and especially our private sector partners,” said FBI Director Christopher Wray. “The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil. Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being. We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”

When asked what pretext was used to lure Vasinskyi to Poland, Wray wryly noted that individuals travel for many reasons and that “we” were glad Vasinskyi chose to travel from Ukraine to Poland. Garland, asked about the assistance being provided by Russia, declined to comment on ongoing law enforcement efforts, but still signaled expectations to Russia by noting that the United States expects any country in which a criminal is present to assist the United States with the arrest and with bringing the individual to justice to answer for their alleged crimes.

Kaseya praised for engaging FBI early

Of particular import to CISOs were Wray's laudatory comments on the handling of the REvil ransomware attack by the victim, Kaseya, when it was attacked on July 2. He applauded Kaseya for having engaged with law enforcement early, which allowed Kaseya and its customers to benefit from an all-of-government response to “put out the fire.” He also noted that these efforts resulted in the FBI being able to obtain a decryption key to unlock Kaseya's customers' data.
This served to answer the question asked in late September 2021 as to why the FBI held back the REvil ransomware keys, and which international partners the FBI was engaged with in the coordinated law enforcement action.

Treasury Department issues advisories on virtual currency exchanges supporting criminal activity

Adeyemo noted Treasury's role in the “whole-of-government effort” against ransomware operators and the virtual currency exchanges that support the cyber criminals, including disruption of their digital ecosystems. He also advised that Treasury was issuing an updated FinCEN ransomware advisory and designating the virtual currency exchange Chatex as part of the criminal support effort for ransomware criminals. In addition to Chatex, Izibits OU, Chatextech SIA and Hightrade Finance Ltd were also designated for providing material support to Chatex's criminal activity. The advisory notes that Latvia has suspended the operations of Chatextech and that Estonia has revoked the license of Izibits OU.

Rewards offered for arrest of DarkSide members

Meanwhile, the State Department has made available a $10 million reward for information leading to the identification or location of any individual holding a key leadership position within the DarkSide ransomware organization, and an additional $5 million for information leading to the arrest or conviction, in any country, of an individual participating in DarkSide ransomware attacks. It is worth noting that the Department's Transnational Organized Crime Rewards Program has paid out over $135 million in rewards.

In closing, Garland called upon Congress to create a cyber incident reporting standard for industry to assist law enforcement in its efforts to thwart cybercrime. He, as did Monaco and Wray, emphasized the role to be played by the private sector in the fight against cybercrime. It was repeatedly emphasized that early engagement with government by CISOs makes the resources of the “all-of-government” approach available to the victim.