One of the alleged affiliates of the notorious REvil/Sodinokibi ransomware-as-a-service (RaaS) operation has been extradited to the United States to face charges related to the ransomware attacks on Kaseya and other entities in the United States.
The U.S. Department of Justice believes Yaroslav Vasinskyi, 22, a Ukrainian national, is a long-standing affiliate of the REvil ransomware gang who was responsible for breaching corporate networks, stealing sensitive data, and then using ransomware to encrypt files.
Vasinskyi is believed to be behind the ransomware attack on Kaseya, a provider of IT management software to managed service providers, that occurred over the American Independence Day weekend. A vulnerability in Kaseya’s VSA software was exploited which provided the gang with access to its managed service provider clients’ systems and their downstream businesses. Thousands of companies were affected by the attack.
A ransom demand of $70 million was issued for the keys to decrypt files and prevent the publication of stolen data; however, the FBI obtained the decryption keys as part of an international law enforcement operation that allowed all affected customers to decrypt their files for free. Vasinskyi is also alleged to have been behind at least 9 other ransomware attacks on companies in the United States.
Cybercriminals often escape justice in the United States as they operate out of countries that do not have an extradition treaty with the United States, such as Ukraine and Russia. Vasinskyi was arrested as he entered Poland from Ukraine in November 2021.
The REvil ransomware operation is now shut down and there have been several arrests made for their attacks. 14 suspected gang members were arrested by Russia’s Federal Security Service (FSB) in a series of raids in January 2022, and in November 2021, two other suspected members of the gang were arrested in Romania and Kuwait in an operation led by Interpol and Europol.
Vasinskyi is not believed to be one of the core members of the ransomware gang but is thought to be one of the key affiliates who has extensive expertise in conducting attacks, especially against managed service providers.
Vasinskyi has been charged with 11 counts for the attacks on Kaseya and other U. S. firms, including conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. If convicted on all counts, Vasinskyi faces up to 115 years in jail and will lose all owned property and financial assets.
“When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear that the Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people,” said Attorney General Merrick B. Garland. “That is exactly what we have done. The United States, alongside our international partners, will continue to swiftly identify, locate, and apprehend alleged cybercriminals, capture their illicit profits, and bring them to justice.”