Alleged REvil ransomware hacker extradited and arraigned in Texas

A man accused of being connected to the Russia-linked REvil ransomware group responsible for cyberattacks on organizations including US-based software company Kaseya, has been extradited from Poland and arraigned in a Dallas court.

In November last year, the US Department of Justice charged the man, 22-year-old Yaroslav Vasinskyi, of being behind the July 2021 ransomware attack against Kaseya. Vasinskyi, a Ukrainian national, was taken into custody in Poland and transported to Dallas, where he arrived on March 3.

US Attorney General Merrick Garland said in a statement published on the Department of Justice’s (DOJ) website, that the department had made it clear it would “spare no resource” in identifying and bringing to justice cybercriminals who target the US, adding that by charging Vasinskyi, the DOJ had made good on its promise.

REvil, also known as Sodinokibi, appeared in 2019 and is one of the most active and successful ransomware operations. In the July 2021 cyberattack again Kaseya, REvil exploited a vulnerability in the Kaseya VSA remote computer management tool.

The group deployed malicious code that led to REvil ransomware being delivered to endpoints on Kaseya customer networks, encrypting computers and their data. The supply-chain attack has  affected about 2,000 global organizations, according to security researchers.

REvil was also responsible for the ransomware attack against Brazil-based food supplier JBS, one of the largest meat processing companies in the world, in June 2021, which resulted in the company paying $11 million in bitcoin to the attackers in exchange for the key to decrypt the network.

REvil announced it was responsible for both the Kaseya and JBS attacks, a claim that the FBI has confirmed.

In total, the DOJ said Vasinskyi made $2.3 million from ransoms, after demanding more than $760 million from companies that had fallen victim to REvil ransomware attacks.

Vasinskyi has been charged with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. He is facing a total of 115 years in prison if convicted of all counts.

The DOJ and FBI has worked with international law enforcement agencies, including security agencies in Canada, the Netherlands, France, Poland and Ukraine, on the REvil case.

In addition to Vasinskyi, various other members of REvil have been charged or arrested. The DOJ said in November that two other REvil members were arrested in Romania, and that it had also charged Russian national Yevgeniy Polyanin with conducting ransomware attacks.  Agency representatives said Thursday they were not available to comment further on those cases.