The Justice Department on Monday announced charges against two suspects allegedly affiliated with the notorious REvil ransomware group.
The indictment accuses Yaroslav Vasinskyi, 22, a Ukrainian, of conducting multiple ransomware attacks including the July attack against software company. As a result of Kaseya's position in the software supply chain, hundreds of entities, ranging from schools to stores to a railroad, were directly affected by that attack.
In addition, the department said it seized $6.1 million in alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian who is also charged with conducting REvil ransomware attacks against multiple victims, including businesses and government entities in August 2019 in Texas.
Government officials in both the US and abroad have stepped up their efforts to combat ransomware and the cybercriminals behind it in the wake of several high-profile attacks.
Cybercriminals tied to REvil were responsible for a May cyberattack on the Colonial Pipeline that caused gas shortages in the US. The attackers used encryption software called DarkSide, which was developed by REvil associates. REvil itself was responsible for an attack that shut down international meatpacker JBS in May.
Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, along with counts of damaging protected computers and conspiracy to commit money laundering. If convicted of all the charges, the men face maximum penalties of 115 and 145 years in prison, respectively.
Vasinskyi was arrested in Poland last month and is being held there pending extradition to the US. Polyanin remains at large and is thought to be abroad.
"Our message today is clear," Attorney General Merrick Garland said in a statement. "The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims."
Earlier on Monday, European law enforcement officials announced the arrests in Romania of two individuals accused of using REvil ransomware to commit cybercrimes.
According to Europol, the two suspects were taken into custody by Romanian authorities on Nov. 4. They're allegedly responsible for 5,000 ransomware infections, which resulted in half a million euros ($579 million) in ransom payments.
The arrests are in addition to three other suspected affiliates of the notorious Russian-led criminal gang and two suspects connected to GandCrab, an earlier ransomware crime group, arrested earlier this year, Europol said. All of the arrests came out of operation GoldDust, a joint effort involving 17 countries and a handful of international law enforcement organizations.