Ransomware suspects charged, but one may escape justice

The Department of Justice recently announced charges against two suspected hackers associated with the Eastern European REvil ransomware gang, but one is unlikely to face justice in the United States.

As of Nov. 8, suspect Yaroslav Vasinskyi, 22, a Ukrainian national, was held in Poland with the DOJ seeking his extradition to the U.S. Meanwhile, Yevgeniy Polyanin, 28, a Russian national, remained at large.

The two are accused of using the REvil ransomware to attack businesses and government entities in the U.S., with Vasinskyi charged with the July 2021 attack against Kaseya, a multinational software company.

The DOJ, in its Nov. 8 announcement, also said it seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin, some dating back to August 2019 attacks on business and government agencies in Texas.

“Cybercrime is a serious threat to our country,” Attorney General Merrick Garland said in a statement. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”

Many cybersecurity experts applauded the charges, even though it’s unlikely that Polyanin will see the inside of a U.S. court. He “will stay in nonextradition locations for the rest of [his] life,” said Andrew Howard, CEO of Kudelski Security, a managed security services provider. “We have seen this play out over and over again with these hackers.”

Still, the charges against the two suspects serve a purpose, Howard told the Washington Examiner. “These charges are more for optics than anything, but I think they do send the right message that the U.S. takes these attacks seriously,” he added.

Vasinskyi and Polyanin are charged in separate indictments with conspiracy to commit fraud and related activity in connection with computers, substantive counts of damage to protected computers, and conspiracy to commit money laundering. Vasinskyi faces a maximum penalty of 115 years in prison, and Polyanin faces 145 years in prison.

The charges may serve as a deterrent for some cybercriminals, added Magda Chelly, a cybersecurity professional based in Singapore. The charges ensure that “cybercriminals do not feel unconstrained by the law due to their technological capabilities,” she told the Washington Examiner.

However, the future of the case against Polyanin depends on complex diplomatic relations between the U.S. and Russia, and there’s no “holistic” international approach to prosecuting cybercrime, she added. “Law enforcement for cybercrime is in a state of crisis,” she said.

However, the renewed focus on prosecuting overseas cybercriminals is encouraging, said Stel Valavanis, CEO of onShore Security.

“The big news here is that law enforcement is finally willing to take on the big task of tracking and catching these criminals,” he told the Washington Examiner.

U.S. law enforcement has long had some tools to track these criminals, he said, but the cost of cybercrime has increased in recent years. “The dollar amounts and the impact have increased, and everyone in the cybersecurity space knows the feds have a threshold before they get involved,” he said.

Valavanis called on lawmakers to modernize banking laws that make it harder for cybercriminals to hide money.

Even though there are doubts that Polyanin will be prosecuted in the U.S., some cybersecurity professionals noted that the U.S. and Russian governments had conversations about cybercrime in recent months, and that’s causing concern among some Eastern European hackers.

Cybersecurity talks between the U.S. and Russia “have made some threat actors in illicit forums nervous about the possibility that Russia might be interested in cooperating with U.S. law enforcement on certain cases,” said Maria Gershuni, global intelligence analyst at cybersecurity vendor Flashpoint.

However, a cybersecurity agreement between the two countries seems “elusive,” she told the Washington Examiner. “This situation provides the Russian authorities with the opportunity to offer security to cybercriminals, though typically not for free.”
