The Department of Justice has unsealed charges against a Ukrainian national over a ransomware attack against IT company Kaseya in July. Authorities in Poland arrested Yaroslav Vasinskyi last month and proceedings are underway to extradite him to the US. 

He has been charged with conspiracy to commit fraud and related activity in connection with computers, several counts of damage to protected computers and conspiracy to commit money laundering. If convicted on all charges, Vasinskyi faces a maximum sentence of 115 years in prison.

According to the indictment, Vasinskyi used a Kaseya product to distribute ransomware. As many as 1,500 businesses and organizations around the world were affected. REvil, the ransomware group Vasinskyi is linked to, originally demanded $70 million in exchange for unlocking victims’ systems. Three weeks after the attack took place, Kaseya deployed a decryption key, which allowed its customers to regain access to their computers.

The DOJ also revealed it has seized $6.1 million in alleged ransom payments obtained by Russian national Yevgeniy Polyanin, another alleged member of REvil. Polyanin, who remains at large, has been accused of carrying out Sodinokibi/REvil ransomware attacks against several targets, including businesses and government departments in Texas, in August 2019. Polyanin faces similar charges to Vasinskyi. If convicted, Polyanin is looking at a maximum prison sentence of 145 years.

“Cybercrime is a serious threat to our country: to our personal safety, to the health of our economy, and to our national security,” Attorney General Merrick Garland said in a statement. “Our message today is clear. The United States, together with our allies, will do everything in our power to identify the perpetrators of ransomware attacks, to bring them to justice, and to recover the funds they have stolen from their victims.”