WASHINGTON - President Joe Biden on Monday took aim at Russian President Vladimir Putin following U.S. action targeting two suspected criminal hackers involved in a wave of ransomware attacks, including one that led to the temporary shutdown of the world’s largest meat processor and another that snarled businesses around the globe on Fourth of July weekend.
Biden said the U.S. Department of Justice’s seizure of $6.1 million in ill-gotten funds from the REvil ransomware gang is part of the U.S. commitment to go after cyber criminals, according to a statement released by the White House on Monday.
In July, Biden told Putin that he must "take action" against cyber criminals acting in his country and that the U.S. reserves the right to "defend its people and its critical infrastructure."
"When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable. That’s what we have done today," Biden said on Monday, referring to an announcement from Attorney General Merrick Garland and other top officials that Ukrainian Yaroslav Vasinskyi and Russian Yevgeniy Polyanin are alleged to be part of the REvil ransomware organization.
Officials said Vasinskyi was recently arrested in Poland and that the U.S. government had recovered $6.1 million in ill-gotten funds from Polyanin.
"The Justice Department is sparing no resource to identify and bring to justice anyone, anywhere who targets the United States with a ransomware attack," Garland said.
REvil, also known as Sodinokibi, has been linked in recent months to ransomware targeting the world's largest meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world through a breach of a Florida-based software company called Kaseya.
European law enforcement authorities also announced Monday that they had arrested two other suspected ransomware operators with links to REvil in Romania. They are among seven hackers, suspected of links to ransomware attacks that have targeted thousands of victims, who have been arrested since last February as part of a global cybercrime crackdown, European authorities said.
Biden said the arrests and seizure of ill-gotten funds are part of the nation’s commitment to preventing further cyber attacks.
"We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals," Biden said.
The U.S. Justice Department stepped up actions to combat ransomware and cybercrime through arrests and other actions in recent weeks. The issue is regarded by the White House as an urgent economic and national security threat.
The U.S. Department of State on Monday offered up to $10 million for any information leading to the identification or location of any individual who holds a "key leadership role" in the REvil ransomware group.
In addition to the $10 million reward, the department is also offering up to $5 million for any information leading to the arrest and/or conviction of any individual, regardless of what country they live in, who has conspired to participate in a REvil ransomware attack, according to a department news release published on Monday.
Deputy Attorney General Lisa Monaco told the Associated Press last week that "in the days and weeks to come, you’re going to see more arrests," more seizures of ransom payments to hackers and additional law enforcement operations.
Arrests of foreign hackers are significant for the Justice Department since many of them operate in the refuge of countries that do not extradite their own citizens to the U.S. for prosecution.
The Justice Department in June seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily halt operations, creating fuel shortages in parts of the country.
A report posted Sunday from Palo Alto Networks, a company offering network security solutions, said suspected foreign hackers breached nine global organizations across the defense, education, energy, health care and technology sectors, including servers used by companies working with the U.S. Department of Defense.
Palo Alto Networks said hackers targeted at least 370 organizations running Zoho ManageEngine servers in the U.S. alone.
"As early as Sept. 17 the actor leveraged leased infrastructure in the United States to scan hundreds of vulnerable organizations across the internet," Palo Alto Networks said in the report. "Subsequently, exploitation attempts began on Sept. 22 and likely continued into early October. During that window, the actor successfully compromised at least nine global entities across the technology, defense, healthcare, energy and education industries."
It did not name any of the targeted organizations.
This story was reported from Los Angeles. Kelly Hayes and Catherine Stoddard contributed.