The US Treasury has added Ukrainian Yaroslav Vasinsky and Russian Yevgeny Polyanin, accused of cyberattacks as part of the hacker group REvil, to the so-called SDN List. Persons on the list have their assets frozen, and US citizens are prohibited from doing business with foreigners on the list.
The Estonian crypto bank Chatex was also added to the sanctions list. The US Treasury Department said that the sanctions are being imposed on the bank for participating in ransomware activity in the US and for the exchange of cryptocurrencies on the Chatex platform.
Yaroslav Vasinsky was arrested in Poland in October on charges of hacking Kaseya, a business software provider in Florida (the attack occurred on July 4). Polyanin remains at large, but according to the US Department of Justice he, like Vasinsky, participated in the operations of the hacker group REvil.
Hackers spread ransomware among 1,500 Kaseya customers, encrypting their data and forcing some to disconnect for several days. The US suggests that the attack was carried out by the hacker group REvil. It accused Vasinsky and Polyanin of hacking and of conspiracy to commit fraud and money laundering. The US Treasury reported that the group's victims paid it more than $200 million in bitcoin and other cryptocurrencies.
The court materials indicate that the Ukrainian hacker and his accomplices began deploying malware in April 2019. In total, by the beginning of November, the police and special services had identified about two dozen suspects in cyberattacks using REvil ransomware on companies and infrastructure in 71 countries. Two people were arrested in Romania and five in South Korea.
The hacker group REvil (also known as Sodinokibi) has been operating on the darknet since 2019. Kaspersky Lab said in its research in May 2021 that REvil distributes its encryption virus through partners (other hackers) who receive 60-75% of the ransom.