Yaroslav Vasinskyi, a Ukrainian national linked to the
Russia-based REvil ransomware group[1],
has been extradited to the U.S. to face charges for his role in
carrying out the file-encrypting malware attacks against several
companies, including Kaseya last July.
The 22-year-old had been previously arrested in Poland in
October 2021, prompting the U.S. Justice Department (DoJ) to
file charges[2]
of conspiracy to commit fraud and related activity in connection
with computers, damage to protected computers, and conspiracy to
commit money laundering.
Ransomware is the digital equivalent of extortion wherein
cybercrime actors encrypt victims’ data and take it hostage in
return for a monetary payment to recover the data, failing which
the stolen information is published online or sold to
third parties.
According to the DoJ, in addition to the headline-grabbing
attacks on JBS and Kaseya, REvil is said to have propagated[3]
its infection to more than 175,000 computers, netting the group at
least $200 million paid in virtual currency ransoms.
Vasinskyi, who was transported to the city of Dallas on March 3
pursuant to an extradition treaty between the U.S. and Poland, had
his charges formally read in the Northern District of Texas. If
convicted of all counts, Vasinskyi faces a total prison term of 115
years.
According to the indictment, the defendant is alleged to be
responsible[4]
for deploying the Sodinokibi/REvil ransomware via a supply chain
attack that targeted as many as 1,500 customers of Kaseya across
the globe and demanding a bitcoin ransom in exchange for regaining
access to the locked files.
“Just eight months after committing his alleged ransomware
attack on Kaseya from overseas, this defendant has arrived in a
Dallas courtroom to face justice,” said[5]
Deputy Attorney General Lisa O. Monaco. “When we are attacked, we
will work with our partners here and abroad to go after
cybercriminals, wherever they may be.”
References
[1] REvil ransomware group (thehackernews.com)
[2] file charges (thehackernews.com)
[3] propagated (www.justice.gov)
[4] responsible (thehackernews.com)
[5] said (www.justice.gov)
Read more https://thehackernews.com/2022/03/ukrainian-hacker-linked-to-revil.html