Close this search box.

Global sting nets big-time ransomware hackers, millions in crypto


Global law enforcement is fast closing on one of the worst ransomware cybercrime operations known with a series of stings yesterday.

US-led authorities yesterday seized US$6.1 million in the sting against ransomware actors. Many of the ransom payments made to hackers are associated with the REvil gang.

Ukrainian authorities have also arrested a man charged with one of the most disruptive ransomware attacks to date.

US President Joe Biden said the money seizure and arrests made good on a warning to Russian President Vladimir Putin that his country would “hold cybercriminals accountable”. 

Operation GoldDust’ saw authorities seize US$6.1 million from Yevgeniy Polyanin, 28, who is thought to reside in Russia.

Ransomware kingpin caught in sting is part of the REvil network

Polyanin has perpetrated more than 3000 ransomware attacks as part of the REvil criminal network. These attacks have generated at least US$13 million from extortion payments. 

Yaroslav Vasinskyi, 22, also allegedly part of the REvil network since 2019, was arrested at the border crossing between Ukraine and Poland overnight.

He was charged by the US Department of Justice for orchestrating the high-profile ransomware attack against IT company Kaseya that ground to a halt the operations of thousands of organisations in July.  

REvil and its affiliates are responsible for other high profile attacks including meat supplier JBS in June 2021.  

Vasinskyi allegedly collected US$2.3 million from mostly managed service providers around the world that used Kaseya’s popular VSA server to provide remote IT management. 

He denied wrongdoing during an interview with Polish prosecutors, according to tech publication Cyberscoop.  

Polyanin and Vasinskyi face charges of fraud, accessing a protected computer without authorisation, and conspiracy with the purpose of money laundering.  

The Kaseya crisis’ huge global impact

Authorities said Vasinskyi deployed the REvil ransomware within Kaseya’s VSA platform leading to a cascade that infected countless businesses around the world.

Many organisations paid ransoms in an unsuccessful bid to have their operations restored. 

Among the hardest hit was Sweden’s largest supermarket chain, Coop, which was forced to close hundreds of stores and give away food for free after being unable to take payments. 

The accused hacker demanded US$50 million to unlock all ransomware-affected computers and anywhere from US$45,000 to US$5 million to unlock individual affected systems. 

Current sting among many ongoing global actions against ransomware actors

The charges are the latest strike in a series against REvil and other ransomware operators. The REvil gang’s operations went offline last week in what appeared to be a tightening law enforcement noose around the group. 

Ransomware gangs have operated largely unchecked for years, becoming increasingly audacious and organised with ransom demands increasing from thousands to millions of dollars.

An affiliate of the ransomware group then known as DarkSide appeared to have gone too far in May by attacking the US Colonial Pipeline company, causing the major east coast US oil distributor to shutter services. 

The US then issued warnings that it would consider retaliatory hacking against the ransomware groups with President Biden announcing tougher penalties for ransomware-related crimes. 

Federal Bureau of Investigations director Christopher Wray said in court documents unsealed overnight that the agency worked “creatively and relentlessly” against REvil. 

“Ransomware groups like them pose a serious, unacceptable threat to our safety and our economic well-being,” he said. 

“We will continue to broadly target their actors and facilitators, their infrastructure, and their money, wherever in the world those might be.”  

A century of jail to come?

Polyanin and Vasinskyi face maximum penalties of 115 and 145 years in prison, respectively, if convicted of all counts. 

The charges came hours after a separate joint ransomware crackdown by Europol that resulted in the arrests of seven alleged REvil and GandCrab ransomware affiliates in South Korea, Romania, and Kuwait. 

The US also sanctioned cryptocurrency portal Chatex for allegedly helping ransomware gangs to launder ransom payments. 

Authorities have offered bounties of US$10 million and US$5 million for information leading to the arrest of core REvil gang members and affiliates, respectively. 

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →