EXCLUSIVE: REvil ‘super-hacker’ wanted by FBI for ‘using ransomware to fleece millions of dollars’ from Americans is unmasked by DailyMail.com in his plush hideout in Siberia as Kremlin turns blind eye
- DailyMail.com tracked suspected super-hacker Yevgeniy Polyanin, 28, to a $380,000 home in the Siberian city of Barnaul, where his wife, Sofia, openly runs a social media baking business
- Polyanin was seen in Barnaul driving a $74,000 Toyota Land Cruiser and owns a BMW worth up to $108,000
- He is wanted by the FBI for his involvement in ransomware attacks and money laundering activities
- He is alleged to be an affiliate of the REvil/Sodinokibi gang and the FBI has reportedly seized from him $6.1 million in ill-gotten funds, while a reward of up to $5 million was offered for information leading to his arrest
- Russian records show that in 2019, Polyanin was registered as an ‘individual entrepreneur’ involved in the ‘development of computer software’ and IT ‘consulting’
- The country has a bar on extraditing its own citizens, which means he could only face court in Russia
One of the FBI’s most wanted men linked to ransomware gang REvil is living freely in a Siberian city with no sign the Russian authorities are acting to detain him.
DailyMail.com tracked suspected super-hacker Yevgeniy Polyanin, 28, to a chic $380,000 (USD) home in Barnaul where he was seen driving his $74,000 Toyota Land Cruiser 200, evidently feeling untouchable.
His wife Sofia, 28, openly runs an upscale social media baking business – including racy hen party cupcakes decorated with male genitalia – while he is accused by the US authorities of extorting millions of dollars from American businesses.
The pair enjoy a luxury lifestyle, with helicopter rides to the nearby scenic Altai Mountains.
A second car in the suspected cybercriminal’s garage is a BMW, worth up to $108,000.
Polyanin was this month accused by the FBI of ‘involvement in ransomware attacks and money laundering activities.’
He is alleged to be an affiliate of the REvil/Sodinokibi gang and the FBI claim to have seized from him $6.1 million in ill-gotten funds, while a reward of up to $5 million was offered for information leading to his arrest.
He is also seen as a key ‘test case’ of President Joe Biden’s demand that Vladimir Putin should cooperate with him in cracking down on suspected cybercriminals.
Yet there seems little prospect of this since Polyanin’s relatives and neighbors stress they have had no contacts over the FBI allegations from the Russian FSB counter-intelligence service or police.
Russia has been accused by the West of turning a blind eye to hackers targeting the US and Europe from its territory. DailyMail.com has reached out to the FBI to determine what will happen to the suspect now that he has been found.
Yevgeniy Polyanin, one of the FBI’s most wanted men linked to ransomware gang REvil, is living freely in a Siberian city with no sign the Russian authorities are acting to detain him. Right: an FBI picture of Polyanin holding a microprocessor, which is from a laboratory at Altai State University
Polyanin was spotted by a DailyMail reporter entering his $74,000 Toyota Land Cruiser 200 in Barnaul, Siberia
Polyanin seemed uncomfortable as he entered the car, as questions mounted about his whereabouts
He is living in a chic $380,000 home in Barnaul as he remains on the FBI’s Most Wanted list
Polyanin and his wife have spent recent days dodging reporters and cutting phone calls while living at his gated home in the ‘elite’ residential complex Nevsky in Russia’s mountainous Altai region, where his curtains remained almost permanently closed.
He made clear he did not want to speak while privately assuring his pensioner mother Svetlana Polyanina, 58, who lives in the same city, that the FBI’s allegations were ‘fake.’
She had been initially deeply worried over the US claims, she said, and told a reporter she could not locate her son after the mega-hacking charges first appeared.
She said: ‘I am very worried, wouldn’t you be worried?
‘I will not tell you anything about his job.’
She added: ‘I have been taking pills since this came out….
‘I have already lost four kilograms in three days.’
While denying he was a programmer, she confessed, alluding to some coverage of the FBI charges in the Russian media: ‘I don’t know whether it is true or not what they say in the newspapers.’
Polyanina said she could not locate her son, adding: ‘Maybe he is with the police now.’
And she added without further explanation: ‘Start with Putin, everything will become clear immediately.’
But when he finally contacted her six days after the allegations emerged, his mother said: ‘Do not disturb us please.
‘We are all fine.
‘He got in touch, everything is fine.
‘It is all a fake. He is on holiday.’
Polyanin is living in Siberia with his wife Sofia, 28, right, as she runs a bakery business
Despite his plush new home, valued at around $380,000, Polyanin remains officially registered at her grim, Soviet-era flat in a block originally built for Interior Ministry employees, such as police, in Barnaul.
Apart from her iPhone 8, his mother shows no sign of wealth.
Polyanin’s globetrotting sister Anna, 35, was contacted by worried neighbors after the FBI allegations, and she replied that the family had had no contacts with Russian authorities or media.
She declined to meet a reporter to discuss the allegations against her younger brother.
The family ‘will not speak’ on the super-hacking ransomware claims, she made clear.
While Polyanin refused multiple opportunities to respond to the FBI claims, a middle-aged next-door neighbor said locals were familiar with the FBI claims, and untroubled by them.
Asked if he knew about the US allegations against Polyanin, he said: ‘Yes, yes, yes, I heard about it.’
Questioned on whether he had read the story that his next-door neighbor was wanted by the US authorities, he said: ‘Yes.’
Asked if he was surprised, he replied, indicating no shock: ‘Noooo….’
The businessman neighbor said: ‘Why don’t you talk to him personally? I won’t be speaking.’
An example of the bedrooms inside the elite block of flats where Polyanin is living with Sofia
The flats come with two floors and a designated living room area, with an attached kitchen and bar area
The elite residential complex Nevsky in Russia’s mountainous Altai region appears rather modern, with glass tables and chairs
At times, Polyanin and Sofia take helicopter rides to explore the scenic Altai Mountains
Polyanin recovered from a serious car crash in 2018 involving a Mercedes Benz E-200 taxi in which he was travelling in Moscow.
He required months of treatment and subsequently sued for damages over the crash in which he suffered multiple injuries.
Polyanin and Sofia have been together since they were students in Barnaul, and in February she showed what appeared to be a wedding ring in a posting promoting her cake business.
She also let slip online the couple’s new address on Novgorodskaya Street.
A few days after his 28th birthday on March 4 she shared a picture of the cake she baked him, which came around the time the pair moved into their prestigious new fenced house, its façade coated with ceramic granite and Angara pine, equipped with infra-red CCTV security cameras.
‘This is my main spring cake for my main spring reason,’ she posted.
‘I couldn’t miss making it, and it turned out to be bright and just in time, even though it was made in the rush of moving.’
The birthday cake’s decoration suggests that the suspected hacker is a fan of Japanese manga series Naruto, whose main character, Naruto Uzumaki, is a young ninja who craves the adulation of his peers and dreams of becoming the Hokage, leader of his village.
Online bakery owner Sofia also posted pictures of her rude hen party cupcakes, depicting male genitalia, with the message: “Friends, fun and enthusiasm are so important in our life.”
The bride for whom they were baked replied: “They were very tasty and unreal. Thank you so much!”
Polyanin’s mother, Svetlana Polyanina, originally said she did not know where her son was, but later claimed he is ‘on holiday’
Russian records show that in 2019, Polyanin was registered as an ‘individual entrepreneur’ involved in the ‘development of computer software’ and IT ‘consulting.’
He had earlier dropped out of a master’s degree course in computing from the Physics and Technology Faculty of Altai State University.
A fellow student Konstantin Starodubtsev said: ‘He was not particularly a genius in programming.’
Polyanin had suddenly cut his social media in 2014, he said, a move which reduced his online trail.
‘He was funny in his own way. He liked to make puns. I only remember him for [his interest in] gym,’ he said.
On the FBI claims against him, Starodubtsev said: ‘I am surprised by this.’
His professor, Vladimir Pashnev, said: ‘He really didn’t stand out in any way.’
Polyanin holds a bachelor’s degree in ‘computer science and computer technology.’
A new picture shows him at his graduation in 2016.
The professor said an FBI picture of Polyanin holding a microprocessor is from the university’s laboratory.
He stressed: ‘We were not the ones who taught him (hacking).
‘This line of work requires a certain charisma. And he had no charisma, or no-one remembers this.
‘We have a joke around here now: “He didn’t study well. Had he done so, well, he wouldn’t have been caught.”’
‘We feel somewhat uncomfortable,’ he added. ‘He seems to be a good specialist, but we have no reason to be proud.’
Polyanin attended the same university as flame-haired Maria Butina, 33, now a pro-Putin Russian MP, who was convicted in the US in 2018 and jailed for acting as an unregistered foreign agent in America, where she penetrated the National Rifle Association and political circles.
Polyanin’s former headteacher Olga Suslova described the alleged ransomware hacker as ‘well-mannered and cultured,’ saying he had lived with his mother after his father died.
He ‘didn’t shine’ at school, she explained.
The FBI accuse Polyanin of conspiracy to commit fraud and related activity in connection with computers, intentional damage to a protected computer, and conspiracy to commit money laundering.
The bureau’s Texas office said: ‘Polyanin is believed to be in Russia, possibly in Barnaul, and is one of many Sodinokibi/REvil ransomware affiliates.’
He is listed as using seven variations of his name or aliases, namely: Yevhgyeniy Polyanin, Yevgeniy Polyanin, Yevgveniey Igorevich Polyanon, Evegnii Igorevich Polianin, Evgeniy Polyanin, Evgeniy Igorevich Polyanin, and ‘lk-4d4.’
In detail, the FBI stated: ‘Yevgyeniy Igoryevich Polyanin is wanted for his alleged involvement in ransomware attacks and money laundering activities.
‘It is alleged that, through the use and deployment of Sodinokibi and REvil ransomware, Polyanin left electronic notes in the form of a text file on victims’ computers.
‘The notes included web addresses for the victims to visit and have their files decrypted.
‘Upon visiting these web addresses, victims were given the ransom amount demanded and provided a virtual currency address to use to pay the ransom.
‘If a victim paid the ransom amount, Polyanin provided the decryption key, and the victims then were able to access their files.
‘If a victim did not pay the ransom, Polyanin typically posted the victims’ exfiltrated data or claimed he sold the exfiltrated data to third parties.
‘Polyanin has been charged in an indictment filed in the United States District Court for the Northern District of Texas, Dallas, Texas, with conspiracy to commit fraud and related activity in connection with computers, substantive counts of intentional damage to protected computers, and conspiracy to commit money laundering.’
The law enforcement agency said: ‘If you have any information concerning this person, please contact your local FBI office or the nearest American Embassy or Consulate. Field Office: Dallas.’
Polyanin, circled, had dropped out of a master’s degree course in computing from the Physics and Technology Faculty of Altai State University, and holds a bachelor’s degree in ‘computer science and computer technology’
He deleted his social media in 2014, but the FBI suspected he may be in Russia, ‘possibly in Barnaul.’ He is pictured with Sofia
Biden referred on November 9 to the US naming of Polyanin, and another alleged super-hacker Yaroslav Vasinskyi, 22, a Ukrainian national, who was detained in Poland.
‘When I met with President Putin in June, I made clear that the United States would take action to hold cybercriminals accountable,’ he said.
‘That’s what we have done today.’
At the same time, the Department of Justice disclosed ‘the seizure of $6.1 million in funds traceable to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who is also charged with conducting Sodinokibi/REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about August 16, 2019.’
The Washington Post on November 11 cited Dmitri Alperovitch, a founder of the Silverado Policy Accelerator, stating that Polyanin was ‘a great test case’ of Biden’s hope of cooperation from Putin in tackling cybercrime.
He said: ‘Will Moscow take action against him? If they don’t, that’s a sign that they’re not planning to cooperate.’
Yet Russia has a constitutional bar on extraditing its own citizens, which means the only court Polyanin could face would be in Russia.