REvil Ransom Arrest, $6M Seizure, and $10M Reward – Krebs on Security

The U.S. Department of Justice today announced the arrest of a Ukrainian man accused of deploying ransomware on behalf of the REvil ransomware gang, a Russian-speaking cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the U.S. Department of State is now offering up to $10 million for the name or location of any key REvil leaders, and up to $5 million for information on REvil affiliates.

If it sounds unlikely that a normal Internet user could make millions of dollars unmasking the identities of REvil gang members, take heart and consider that the two men indicted as part of this law enforcement action don't appear to have done much to separate their cybercriminal identities from their real-life selves.

Exhibit #1: Yaroslav Vasinskyi, the 22-year-old Ukrainian national accused of being REvil Affiliate #22. Vasinskyi was arrested Oct. 8 in Poland, which maintains an extradition treaty with the United States. Prosecutors say Vasinskyi was involved in a number of REvil ransomware attacks, including the July 2021 attack against Kaseya, a Miami-based company whose products help system administrators manage large networks remotely.

Yaroslav Vasinskyi's Vkontakte profile reads "If they tell you nasty things about me, believe every word."

According to his indictment (PDF), Vasinskyi used a variety of hacker handles, including "Profcomserv" — the nickname behind an online service that floods phone numbers with junk calls for a fee. Prosecutors say Vasinskyi also used the monikers "Yarik45," and "Yaroslav2468."

Those last two nicknames correspond to accounts on several top cybercrime forums way back in 2013, where a user named "Yaroslav2468" registered using the email address yarik45@gmail.com.

That email address was used to register an account at Vkontakte (the Russian version of Facebook/Meta) under the profile name of "Yaroslav 'sell the blood of css' Vasinskyi." Vasinskyi's Vkontakte profile says his current city as of Oct. 3 was Lublin, Poland. Perhaps tauntingly, Vasinskyi's profile page also lists the FBI's 1-800 tip line as his contact phone number. He is now in custody in Poland, awaiting extradition to the United States.

Exhibit #2: Yevgeniy Igorevich Polyanin, the 28-year-old Russian national who is alleged to be REvil Affiliate #23. The DOJ said it seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin, and that the defendant had been involved in REvil ransomware attacks on multiple U.S. victim organizations.

The FBI's wanted poster for Polyanin.

Polyanin's indictment (PDF) says he also favored numerous hacker handles, including LK4D4, Damnating, Damn2life, Noolleds, and Antunpitre. Some of these nicknames go back more than a decade on Russian cybercrime forums, many of which have been hacked and relieved of their user databases over the years.

Among those was carder[.]su, and that forum's database says a user by the name "Damnating" registered with the forum in 2008 using the email address damnating@yandex.ru. Sure enough, there's a Vkontakte profile tied to that email address under the name "Yevgeniy 'damn' Polyanin" from Barnaul, a city in the southern Siberian region of Russia.

The apparent lack of any real operational security by either of the accused here is so common that it's hardly remarkable. As evidenced by countless investigations in my Breadcrumbs story series, I've found that if a cybercriminal is active on multiple forums over more than 10 years, it is extremely likely that person has made multiple mistakes that make it relatively easy to connect his forum persona to his real-life identity.

As I explained earlier this year in The Wages of Password Re-use: Your Money or Your Life, it's possible in many cases to make that connection thanks to two factors. The biggest is password re-use by cybercriminals (yes, crooks are lazy, too). The other is that cybercriminal forums, services, etc. get hacked almost as much as everyone else on the Internet, and when they do their user databases can reveal some very useful secrets and connections.

In addition to today's REvil action, the U.S. Department of State said it was offering a reward of up to $10 million for information leading to the identification or location of any individual holding a key leadership position in the REvil ransomware group. The department said it was also offering a reward of up to $5 million for information leading to the arrest and/or conviction in any country of any individual conspiring to participate in or attempting to participate in a REvil ransomware incident.

I really like this bounty offer and I hope we see more just like it for other ransomware groups. Because as we can see from the prosecutions of both Polyanin and Vasinskyi, a lot of these guys simply aren't too hard to find. Let the games begin.
