The person at the center of this case
Multiple victims of ransomware attacks (organizations and businesses)
Cold Case · Open - Wanted by FBI
56 days waiting
YEVGENIY IGOREVICH POLYANIN
Justice for Multiple victims of ransomware attacks (organizations and businesses) — the trail went cold in 2026, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1Why is Polyanin believed to be in Barnaul specifically, and what evidence connects him to that location?
🔍
evidence
Lead #2How many organizations and individuals were victimized by Polyanin's ransomware operations, and what was the total financial impact?
💡
clue
Lead #3What cryptocurrency wallets or payment addresses were used to receive ransom payments, and can they be traced?
Yevgeniy Igorevich Polyanin is wanted by the FBI for his alleged role as a ransomware operator and money launderer, deploying Sodinokibi and REvil malware to encrypt victims' files and extort cryptocurrency payments. Polyanin would post stolen data online or claim to sell it if victims refused to pay ransom demands, causing significant financial and operational damage to numerous organizations. He is believed to be located in Russia, possibly in Barnaul, and remains at large as an active threat to critical infrastructure and private sector networks.
Case
#1091
Federal Bureau of Investigation (FBI) - United States District Court for the Northern District of Texas
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
👤
person
Lead #4Is Polyanin operating independently or as part of a larger ransomware-as-a-service (RaaS) network with other affiliates?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Intentional Damage to a Protected Computer; Conspiracy to Commit Money Laundering Caution: Yevgeniy Igorevich Polyanin is wanted for his alleged involvement in ransomware attacks and money laundering activities. It is alleged that, through the use and deployment of Sodinokibi and REvil ransomware, Polyanin left electronic notes in the form of a text file on victims’ computers.
The notes included web addresses for the victims to visit and have their files decrypted. Upon visiting these web addresses, victims were given the ransom amount demanded and provided a virtual currency address to use to pay the ransom.
If a victim paid the ransom amount, Polyanin provided the decryption key, and the victims then were able to access their files. If a victim did not pay the ransom, Polyanin typically posted the victims’ exfiltrated data or claimed he sold the exfiltrated data to third parties.
Polyanin has been charged in an indictment filed in the United States District Court for the Northern District of Texas, Dallas, Texas, with conspiracy to commit fraud and related activity in connection with computers, substantive counts of intentional damage to protected computers, and conspiracy to commit money laundering. Remarks: Polyanin is believed to be in Russia, possibly in Barnaul, and is one of many Sodinokibi/REvil ransomware affiliates.
Timeline of Events
📋
Unknown
Ransomware deployment
Polyanin deployed Sodinokibi and REvil ransomware variants, leaving electronic notes with ransom demands and virtual currency addresses on victims' computers
🕵️
Unknown
FBI indictment
Polyanin was charged in the United States District Court for the Northern District of Texas with conspiracy to commit fraud, intentional damage to protected computers, and conspiracy to commit money laundering
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:Invalid Date
Last Updated:May 10, 2026
Leave a comment
Comments
Case Information
Incident:Invalid Date
Last Updated:May 10, 2026