Alleged Kaseya Attacker Extradited to US

Written by

A Ukrainian man has been extradited to the United States to face criminal charges connected with the deployment of REvil Ransomware, also known as Sodinokibi.

Yaroslav Vasinskyi is accused of orchestrating ransomware attacks against multiple commercial targets in America. Alleged victims of the 22-year-old include the multi-national information technology software company Kaseya, which was hit in July 2021.

“In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to endpoints on Kaseya customer networks,” stated the Department of Justice’s Office of Public Affairs.

“After the remote access to Kaseya endpoints was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software.”

On the computers of his alleged victims, the defendant allegedly left a text file containing a ransom demand and a cryptocurrency address to which to send a ransom payment. Victims were offered a decryption key in exchange for the payment.

When a victim refused to comply with the ransom demand, Vasinskyi allegedly published data that he had stolen from them online or sold the stolen data to third parties. 

The defendant, whom US prosecutors allege has links to a ransomware gang connected with threat actors based in Russia, was taken into custody in Poland in October 2021. 

On March 3, Vasinskyi was transported to Dallas by US law enforcement authorities. He was arraigned on Wednesday in the Northern District of Texas.

Vasinskyi is charged with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers and conspiracy to commit money laundering. If convicted of all counts, he could be sentenced to a maximum of 115 years in prison. 

“Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said deputy attorney general Lisa Monaco. 

She added: “When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.”

What’s hot on Infosecurity Magazine?