The Justice Department announced Monday that it has charged two men who are allegedly members of the REvil ransomware gang that has conducted thousands of cyberattacks, including on the world’s largest meat processor and on a Florida-based software company with a global clientele.
What You Need To Know
- The Justice Department announced Monday that it has charged two men who are allegedly members of the REvil ransomware gang
- Attorney General Merrick Garland said Ukrainian Yaroslav Vasinskyi has been arrested and Russian Yevgeniy Polyanin also has been charged
- The Justice Department also announced it has recovered $6.1 million in ransomware payments allegedly linked to Polyanin
- REvil has been linked to ransomware attacks targeting the meat processor JBS SA and Florida-based software company Kaseya
At a news conference at the Justice Department in Washington, Attorney General Merrick Garland said Ukrainian Yaroslav Vasinskyi has been arrested and Russian Yevgeniy Polyanin also has been charged. The indictments against both suspects were unsealed Monday.
The Justice Department also announced it has recovered $6.1 million in ransomware payments allegedly linked to Polyanin.
“Today, and now for the second time in five months, we announced the seizure of digital proceeds of ransomware deployed by a transnational criminal group,” Garland said. “This will not be the last time. The U.S. government will continue to aggressively pursue the entire ransomware ecosystem and increase our nation's resilience to cyber threats.”
In June, the Justice Department seized $2.3 million in cryptocurrency from a payment made by Colonial Pipeline following a ransomware attack that caused the company to temporarily halt operations, creating fuel shortages in parts of the country.
"Cyber threats are a concern for every American, every business regardless of size, and every community," President Joe Biden said in a statement Monday about the counter-ransomware actions.
"When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable," Biden continued. "That’s what we have done today. We are bringing the full strength of the federal government to disrupt malicious cyber activity and actors, bolster resilience at home, address the abuse of virtual currency to launder ransom payments, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals."
"While much work remains to be done, we have taken important steps to harden our critical infrastructure against cyberattacks, hold accountable those that threaten our security, and work together with our allies and partners around the world to disrupt ransomware networks — and my Administration will continue to use every tool available to us to protect the American people and American interests against cyber threats," Biden concluded.
Ransomware is a type of malicious code that encrypts computer files, making them unusable until a large payment is made — usually using cryptocurrency.
Vasinskyi and his co-conspirators are accused of writing REvil software that infected victims’ computers, demanding ransomware payments and laundering the payments.
Vasinskyi was arrested by authorities in Poland at the United States’ request on Oct. 8 after leaving Ukraine, Garland said. The U.S. has asked for him to be extradited to face the charges.
“Today's announcement of the arrest of Yaroslav Vasinskyi in Poland and the charges against and seizure from Yevgeniy Polyanin shows what's possible when federal law enforcement and international law enforcement work together with private-sector companies,” FBI Director Christopher Wray said. “It also demonstrates our resolve in pursuing criminal enterprises that use ransomware to threaten our critical infrastructure, our public health and safety, and our economic vitality.”
Polyanin, who remains at large, allegedly conducted about 3,000 ransomware attacks that extorted approximately $13 million from his victims, Garland said.
The charges against both men include conspiring to commit intentional damage to protected computers and to use that damage to extort payments and conspiring to commit money laundering.
The Treasury Department announced sanctions against the pair, as well as against what it said was a virtual currency exchange, Chatex, that was used by ransomware gangs.
REvil, also known as Sodinokibi, has been linked in recent months to ransomware targeting the meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world through a breach of the software company called Kaseya.
REvil’s attacks also have targeted financial services firms, critical infrastructure entities, nonprofits, law enforcement agencies and local governments, authorities said.
Its ransomware has been deployed on about 175,000 computers worldwide, with at least $200 million in ransom paid out, authorities said.
Federal officials applauded Kaseya for immediately reporting the attack to the FBI.
“Kaseya’s swift response allowed the FBI and our partners to quickly figure out which of its customers were hit and for us to quickly share with Kaseya and its customers information about what the adversaries were doing, what to look for and how the companies could best address the danger,” Wray said.
“Most of the time, the actors themselves are trying to hide abroad,” the FBI director added. “But as we've shown time and time again, we're still going to pursue them, disrupt them and hold them accountable. The long arm of the law reaches a lot further than they think.”
In the Kaseya case, Wray said investigators were able to obtain a decryption key that allowed them to unlock Kaseya customers’ data and maximize “our government's impact on our adversaries who were continuing to mount new attacks.”
Garland called on Congress to pass a national standard for businesses to report significant cyberattacks to authorities.
“When ransomware attacks do occur, law enforcement's ability to respond depends in large part on whether and how promptly the victim reports the attack,” the attorney general said. “Failure to timely report also puts other potential victims into jeopardy. It deprives investigators of the information they need to forestall or mitigate other attacks.”
The State Department, meanwhile, announced a reward of up to $10 million for information leading to the identification or location of any REvil leaders.
European law enforcement authorities also announced Monday that they'd arrested two other suspected ransomware operators with links to REvil in Romania.
The arrests were part of a law enforcement investigation called GoldDust that involved the United States and 16 other countries.
Authorities in Kuwait arrested another accused hacker last week, and South Korean authorities have arrested three since last February.
The Associated Press contributed to this report.