The US Department of Justice Monday unveiled the arrest of a Ukrainian citizen suspected of being part of the July ransomware attack on MSPs via Kaseya.
The DoJ has charged Ukrainian national Yaroslav Vasinski for deploying the REvil ransomware attack in July. The DoJ also charged Russian national Yevgeniy Polyanin with conspiracy to commit fraud and other charges.
Vasinski was arrested last month by Polish authorities and is being held pending US extradition proceedings, while Polyanin remains at large.
Kaseya in early July was forced to take all SaaS instances of its VSA remote monitoring and management tool offline following an attack against some on-premises VSA customers.
Kaseya on July 2 posted an “Important Notice” on its website that read, “We recommend that you IMMEDIATELY shutdown your VSA server until you receive further notice from us. It’s critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA.”
REvil, the ransomware operator behind the attack, a few days later demanded US$70 million from Kaseya for a decryptor that could be used to decrypt the data locked by the ransomware at the 1,000-plus end customers hit by the attack. The FBI eventually was able to access the decryptor tool and enable those customers to recover.
Kaseya eventually said that the REvil attack via its VSA hit 56 of Kaseya’s 37,000 MSP customers and about 1,500 of those MSPs’ end-user clients.
Kaseya, in an emailed statement from Dana Liedholm, senior vice president of corporate marketing, praised the help of the U.S. government.
“We at Kaseya are grateful for the support and assistance provided by the FBI, as well as the swift action and response provided by the Department of Homeland Security, Department of Justice and all other involved United States Government entities. From day one, the FBI has, and continues to be, a great partner to us,” Liedholm said.
The DoJ did not respond to a CRN request for further information by press time.