Yevgeniy Polyanin, 28, a Russian national, is charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas around August 16, 2019. Federal authorities announced they seized $6.1 million from Polyanin in funds traceable to alleged ransom payments he received from separate attacks.
Though no Texas entities paid the ransom, 23 Texas entities were impacted by a coordinated ransomware attack that interrupted their ability to conduct business, including processing licenses and certificates, collecting payment for services, and even conducting payroll activities. As many of the impacted entities are smaller local governments with limited incident response resources, the state stepped in to support the response to this attack.
“DIR is proud to have worked with our federal partners in this investigation and is thankful for the support of Texas Governor Greg Abbott during the initial response and recovery,” said Amanda Crawford, DIR’s executive director and State of Texas Chief Information Officer. “It was this team effort along with advanced preparation that allowed a very critical situation to be resolved quickly and with minimal impact for Texans.”
Governor Abbott declared the event a disaster – the first cybersecurity incident to be deemed a state disaster – and activated the Texas State Operations Center (SOC). The Texas Military Department, Texas Department of Public Safety, Texas Division of Emergency Management, Texas A&M University System, Federal Bureau of Investigation, U.S. Department of Homeland Security, and other state, federal, and private sector partners supported the response efforts.
Crawford said DIR strongly suggests that Texas governmental entities not pay ransoms in an effort to disincentivize future attacks.
The sharing of information is crucial to combating cybercriminals. Any Texas entity can anonymously report a cyber incident through this link: https://dircommunity.force.com/isaothreatreport/s/report or by calling the 24/7 hotline at 877-DIR-CISO (877-347-2476).
Additional resources on cybersecurity preparedness and response can be found here: https://dir.texas.gov/information-security/cybersecurity-incident-management-and-reporting.
For more information on the federal indictments, visit: https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya