The Justice Department says authorities have indicted two men in connection with a wave of ransomware attacks that, among other targets, shut down a meat processing company and an internet software provider earlier this year.
Attorney General Merrick Garland says one of the men, Yaroslav Vasinskyi, 22, a Ukrainian, was arrested when he traveled to Poland. The second man was identified as Yevgeniy Polyanin, a 28-year-old Russian. Garland says the U.S. seized some $6.1 million from Polyanin.
Both men are said to be part of an organized crime group called REvil, which conducts ransomware attacks that encrypt the data of companies and demand payments to unblock them.
Polyanin is believed to be abroad, the department says.
Garland asserted that the "U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation's resilience to cyber threats."
In a statement, President Biden said, "When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable. That's what we have done today."
The president added that while much work remains to be done, "we have taken important steps to harden our critical infrastructure against cyberattacks, hold accountable those that threaten our security, and work together with our allies and partners around the world to disrupt ransomware networks."
The Justice Department says that Vasinskyi was allegedly responsible for the July 2 ransomware attack against Kaseya, "which resulted in the encryption of data on computers of organizations around the world that used Kaseya software."
It says that Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. If convicted of all counts, Vasinskyi and Polyanin face maximum penalties of 115 and 145 years in prison, respectively.
Earlier this year, Deputy Attorney General Lisa Monaco launched a task force to combat the large and growing problem of ransomware, which has targeted hospitals, 911 call centers, local law enforcement agencies and private businesses.
In an interview with NPR, Monaco said her team is moving swiftly to follow the money — and using multiple tools, not just arrests.
"We went after the cryptocurrency that was paid in ransom by the victims here, and we went and we traced it and we seized it, and now we'll be able to return that money to the victims," Monaco said. "We're using all of our authorities, and we're doing it at a scale and speed that we haven't done before."
The State Department, meanwhile, announced it is offering a $10 million reward for information leading to the identification or location of "any individual holding a key leadership position" in the REvil ransomware organized crime group, also known as Sodinokibi. It is offering a $5 million reward for information "leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a Sodinokibi variant ransomware incident."
The Biden administration is pressing Congress to pass a new law that would create a national standard to report cyber incidents, including a requirement that the Justice Department be notified. Monaco said such a step is critical to help investigators track cyber criminals and prevent the next victim.
"It's essential that we get that information, that cooperation very rapidly from the victims so that we can work to stop the next attack," Monaco said.
RACHEL MARTIN, HOST:
The Justice Department is fighting back against hackers, the kind who use ransomware to steal data and then hold that data hostage for a payout. Authorities have indicted two international cybercriminals from Russia and Ukraine. NPR national justice correspondent Carrie Johnson reports.
CARRIE JOHNSON, BYLINE: Four months after hackers targeted the software company Kaseya and its clients, the Justice Department is striking back. Attorney General Merrick Garland announced the action in a press conference in Washington.
(SOUNDBITE OF PRESS CONFERENCE)
MERRICK GARLAND: The Justice Department is sparing no resource to identify and bring to justice anyone anywhere who targets the United States with a ransomware attack.
JOHNSON: One hacker, a Russian national, remains at large, but the other, a Ukrainian, recently made the bad decision to travel to Poland, where he was taken into custody. American law enforcement wants to extradite him to the U.S. to face justice.
LISA MONACO: Our message is that if you come for us, we are going to come for you.
JOHNSON: That's deputy attorney general Lisa Monaco. Monaco established a task force to fight the threat from organized criminal gangs earlier this year.
MONACO: We once again followed the money. We went after the cryptocurrency that was paid in ransom by the victims here, and we went and we traced it and we seized it. And now we'll be able to return that money to the victims. So we're using every tool at our disposal. We're using all of our authorities, and we're doing it at a scale and a speed that we haven't done before.
JOHNSON: DOJ says it recovered more than $6 million in this case that will go back to the victims. The targets of the ransomware schemes include private businesses, schools, hospitals and 911 call centers. So Monaco says these cases can be deadly serious.
MONACO: These attacks have hit hospitals. They have hit first responders. They have hit industries and sectors of our society where real lives are at stake. And so that's what we mean when we're talking about life and death.
JOHNSON: The Biden administration is taking a coordinated approach to ransomware. The Treasury Department announced sanctions, and the State Department is offering a $10 million reward for information that leads to the capture of the leaders of the criminal gang known as REvil. But leaders of the Justice Department say they need Congress and their broader community to help, too. They're asking for a new law that would create a standard for reporting cyber incidents to federal authorities. And they want the victims to notify them quickly so they can recover lost money and prevent anyone else from being victimized.
Carrie Johnson, NPR News, Washington.
(SOUNDBITE OF KODOMO'S "CONCEPT 11")
Transcript provided by NPR, Copyright NPR.