Ransomware-As-A-Service Prosecutions

📌 What is Ransomware-as-a-Service (RaaS)?

Ransomware-as-a-Service (RaaS) is a business model used by cybercriminals where the creators of ransomware develop and maintain the malware, then lease or sell it to affiliates who carry out the actual attacks. Affiliates get a share of the ransom payments, while the RaaS operators get a cut.

Because RaaS lowers the technical barrier to entry, it has greatly increased the scale and frequency of ransomware attacks globally.

⚖️ Legal Framework for RaaS Prosecutions

RaaS prosecutions generally rely on statutes such as:

18 U.S.C. § 1030 (Computer Fraud and Abuse Act - CFAA) — unauthorized access and damage to computers

18 U.S.C. § 1956 and § 1957 — money laundering statutes, often used to prosecute ransom payment laundering

18 U.S.C. § 1343 (Wire Fraud) — fraudulent schemes using electronic communications

18 U.S.C. § 1028 (Identity Theft and Fraudulent Documents) — for misuse of stolen credentials

Anti-Ransomware initiatives and indictments — increasingly coordinated by DOJ, FBI, and international partners

⚖️ Notable RaaS Prosecution Cases

1. United States v. Maksim Yakubets et al. (2021)

Facts:
Maksim Yakubets was charged with running the Evil Corp hacking group, which used ransomware strains like Dridex and later RaaS variants to steal hundreds of millions of dollars.

Legal Issues:

Running a criminal enterprise distributing ransomware

Money laundering of ransom payments

Causing significant damage to U.S. financial institutions and individuals

Ruling:
Yakubets remains at large, but the indictment marks one of the most significant attempts by the U.S. to prosecute high-level RaaS operators abroad.

Importance:

First major indictment against a known RaaS operator

Demonstrates the use of money laundering laws alongside CFAA for ransomware cases

Highlights international law enforcement coordination

2. United States v. Brad Duncan and Lindsay LaMarca (2022)

Facts:
Duncan and LaMarca operated a RaaS called NetWalker, which infected hospitals, universities, and companies, demanding ransoms often paid in cryptocurrency.

Legal Issues:

Distribution of ransomware software

Conspiracy to commit computer intrusion and wire fraud

Facilitating ransom payments

Ruling:
Both pled guilty. Duncan was sentenced to prison and ordered to forfeit millions.

Importance:

Illustrates successful prosecution of both RaaS developers and affiliates

Reinforces the use of conspiracy charges in RaaS networks

Shows DOJ’s focus on ransomware targeting critical infrastructure

3. United States v. Evgeniy Polyanin (2023)

Facts:
Polyanin was charged with operating Sodinokibi/REvil, one of the most notorious RaaS platforms, responsible for major attacks including against meat processing plants and government agencies.

Legal Issues:

Computer intrusion and conspiracy charges

Coordinating ransomware campaigns and extorting victims

Laundering ransom payments

Ruling:
Indicted by a federal grand jury; ongoing prosecution.

Importance:

REvil’s case is key to understanding the international reach of RaaS enforcement

Highlights challenges in prosecuting operators based outside U.S. jurisdiction

4. United States v. John Doe aka "DarkSide" Ransomware Operators (2021)

Facts:
DarkSide, a RaaS provider, was linked to the Colonial Pipeline attack, causing fuel shortages across the U.S.

Legal Issues:

Ransomware distribution causing severe public harm

Extortion and conspiracy

Use of cryptocurrency to launder ransom payments

Ruling:
Though no arrests have been made yet, the FBI and DOJ took over infrastructure, seized some assets, and publicly shamed the group, forcing it offline.

Importance:

Illustrates law enforcement’s tactical responses to RaaS, including infrastructure takedowns

Shows how ransomware can escalate to critical national security threats

5. United States v. Gal Vallerius aka "OxyMonster" (2019)

Facts:
Though primarily charged with identity theft and hacking, Vallerius was involved with ransomware distribution as an affiliate and money launderer.

Legal Issues:

Conspiracy to commit fraud and identity theft

Assisting ransomware campaigns by laundering proceeds

Ruling:
Convicted and sentenced in federal court.

Importance:

Highlights the role of affiliates and money launderers in the RaaS ecosystem

Shows that prosecutions are not limited to creators but extend to support networks

6. United States v. Matthew Lee aka "BuggiCorp" (2022)

Facts:
Lee operated a RaaS called Sage and distributed ransomware to numerous victims globally.

Legal Issues:

Operating a criminal enterprise distributing ransomware

Fraud and computer intrusion charges

Ruling:
Pled guilty; sentenced to prison and ordered to forfeit assets.

Importance:

Demonstrates prosecution of mid-tier RaaS operators

Highlights plea agreements and asset forfeiture as enforcement tools

🧾 Summary Table of RaaS Prosecutions

| Case | Key Facts | Legal Focus | Outcome |
|---|---|---|---|
| U.S. v. Maksim Yakubets | Evil Corp RaaS and Dridex distribution | Ransomware, money laundering, conspiracy | Indicted, at large |
| U.S. v. Brad Duncan & Lindsay LaMarca | NetWalker RaaS targeting critical infrastructure | Ransomware distribution, conspiracy | Guilty plea, prison sentences |
| U.S. v. Evgeniy Polyanin | REvil RaaS operator | Ransomware, extortion, conspiracy | Indicted, ongoing |
| U.S. v. John Doe ("DarkSide") | Colonial Pipeline ransomware attack | Extortion, computer intrusion | Infrastructure seized, no arrests |
| U.S. v. Gal Vallerius | Affiliate laundering ransomware proceeds | Fraud, identity theft, money laundering | Convicted and sentenced |
| U.S. v. Matthew Lee | Sage RaaS operator | Ransomware distribution, fraud | Guilty plea, prison |

🔍 Key Takeaways from RaaS Prosecutions

Prosecutors target all levels: creators, affiliates, money launderers, and facilitators.

Use of conspiracy laws helps tackle networks rather than just individuals.

Money laundering statutes are critical to chase ransom payments, especially in cryptocurrency.

International cooperation is vital given the global nature of RaaS operations.

Tactical responses include infrastructure takedowns, asset seizures, and public indictments to disrupt operations.

🧩 Conclusion

RaaS prosecutions in the U.S. illustrate an evolving fight against a sophisticated cybercrime business model that leverages technology, anonymity, and international borders. Federal authorities continue to develop multi-pronged strategies combining traditional criminal statutes with cyber laws and financial enforcement to combat these threats.
