Guest blogger, Chris Bonatti, an IECA Consultant Explains What Happened
Foreword by CyberWyoming: We discuss ransomware and what to do if your organization is the victim of an attack in Wyoming's Cybersecurity Competition for Small Businesses. Join the competition at https://www.cyberwyoming.org/competition. (IECA's membership makes the Competition free to all Wyoming small companies.)
The US Government has finally struck some blows against what has, for years, seemed like an unstoppable ransomware menace. The feds appear to have escalated their stance in the wake of the high-profile Colonial Pipeline and Kaseya breaches, pairing US law enforcement with the US military. Apparently, this gloves-off approach has yielded some results.
The REvil gang, which disappeared from the scene earlier this year and then reemerged, has hopefully disappeared for good. REvil's own infrastructure was hacked and taken down by the FBI, the Secret Service, and US Cyber Command. On 8 November, the US DOJ charged 22-year-old Ukrainian national Yaroslav Vasinskyi with orchestrating the REvil ransomware attacks related to Kaseya. Vasinskyi was arrested at a border checkpoint while crossing into Poland. The US also charged a second suspect who allegedly helped the REvil gang deploy its ransomware, 28-year-old Russian national Yevgeniy Polyanin.
The US believes that Polyanin is the person who breached the network of a Texas-based managed service provider and, from there, deployed the REvil ransomware to at least 20 Texas local government agencies in August 2019. Although Polyanin is still at large, the DOJ said it had successfully seized $6.1 million worth of his cryptocurrency assets.