US Justice Department Announces Indictment Against REvil Ransomware Suspect Behind 2019 Ransomware Attack on Texas Municipalities

November 8, 2021
Cybersecurity News
DIR News
AUSTIN – The United States Justice Department announced Monday charges against an alleged affiliate of the REvil ransomware group suspected in ransomware attacks across the nation, including the 23 Texas municipalities hit in August 2019. The Texas Department of Information Resources (DIR) coordinated with state and federal response partners to investigate, contain, eradicate, and support the transition to recovery for these Texas entities within one week of the attack.

Yevgeniy Polyanin, 28, a Russian national, is charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas around August 16, 2019. Federal authorities announced they seized $6.1 million from Polyanin in funds traceable to alleged ransom payments he received from separate attacks.

Though no Texas entities paid the ransom, 23 Texas entities were impacted by a coordinated ransomware attack that interrupted their ability to conduct business, including processing licenses and certificates, collecting payment for services, and even conducting payroll activities. As many of the impacted entities are smaller local governments with limited incident response resources, the state stepped in to support the response to this attack.

“DIR is proud to have worked with our federal partners in this investigation and is thankful for the support of Texas Governor Greg Abbott during the initial response and recovery,” said Amanda Crawford, DIR’s executive director and State of Texas Chief Information Officer. “It was this team effort along with advanced preparation that allowed a very critical situation to be resolved quickly and with minimal impact for Texans.”

Governor Abbott declared the event a disaster – the first cybersecurity incident to be deemed a state disaster – and activated the Texas State Operations Center (SOC). The Texas Military Department, Texas Department of Public Safety, Texas Division of Emergency Management, Texas A&M University System, Federal Bureau of Investigation, U.S. Department of Homeland Security, and other state, federal, and private sector partners supported the response efforts.

Crawford said DIR strongly suggests that Texas governmental entities not pay ransoms in an effort to disincentivize future attacks. 

The sharing of information is crucial to combating cybercriminals. Any Texas entity can anonymously report a cyber incident through this link: https://dircommunity.force.com/isaothreatreport/s/report or by calling the 24/7 hotline at 877-DIR-CISO (877-347-2476).

Additional resources on cybersecurity preparedness and response can be found here: https://dir.texas.gov/information-security/cybersecurity-incident-management-and-reporting.

For more information on the federal indictments, visit: https://www.justice.gov/opa/pr/ukrainian-arrested-and-charged-ransomware-attack-kaseya
