Ukrainian Hacker Linked to REvil Ransomware Group in US Court after Extradition

Yaroslav Vasinskyi, a Ukrainian national tied to the Russian REvil ransomware group, has been extradited to the US to face charges over his role in file-encrypting cyberattacks against multiple companies.

The alleged hacker was arrested in Poland in October 2021 when authorities cracked down on REvil affiliates and recovered $6 million extorted from ransomware victims. Vasinskyi appeared before a US court yesterday after being extradited on March 3.

The US Department of Justice (DoJ) pressed multiple charges, including damage to protected computers, conspiracy to commit computer fraud, and money laundering.

Vasinskyi had his charges formally read in the Northern District of Texas after being moved to Dallas on March 3. If found guilty of all charges, he could face a total of 115 years in prison.

Prosecutors accuse him of deploying the Sodinokibi/REvil ransomware in a supply chain attack against roughly 1,500 Kaseya customers worldwide. The threat actor locked critical files on the victims’ machines and demanded a ransom in cryptocurrency in exchange for keeping the data private and restoring access to the encrypted documents.

“Through the deployment of Sodinokibi/REvil ransomware, the defendant allegedly left electronic notes in the form of a text file on the victims’ computers,” according to the DoJ news release. “The notes included a web address leading to an open-source privacy network known as Tor, as well as the link to a publicly accessible website address the victims could visit to recover their files.”

Ransomware is a digital form of extortion in which perpetrators lock data on compromised machines and demand money to return access to the files. Ransomware actors often threaten to leak the encrypted data or sell it to third parties if the victims fail to comply with their demands.

Earlier this year, Russia’s Federal Security Service (FSB) announced the arrest of several alleged REvil cybercriminals, believed to be the last remaining members of the ransomware gang who were still at large.