Alleged hacker behind Kaseya ransomware attack extradited, arraigned in Texas

Yaroslav Vasinskyi is accused of using Sodinokibi/REvil ransomware to encrypt the systems of several companies.
Written by Jonathan Greig, Contributor

Yaroslav Vasinskyi, accused of being connected to the Sodinokibi/REvil ransomware group, was extradited and arraigned in a Dallas, Texas court on Wednesday. 

In November, the Justice Department said the 22-year-old was behind the July 2021 ransomware attack against Kaseya, which crippled hundreds of companies around the world for days. 

CyberScoop reported in November that Vasinskyi was arrested at a border crossing in Dorohusk -- a Polish-Ukrainian border town -- on October 8. Vasinskyi made his first appearance and was arraigned today in the Northern District of Texas.

"When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear that the Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people," said Attorney General Merrick Garland. 

"Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice," said Deputy Attorney General Lisa Monaco. 

The DOJ said Vasinskyi was brought to Dallas on March 3.

According to an indictment from August, Vasinskyi was responsible for the attack on Kaseya as well as several other companies. REvil was also accused of being responsible for the ransomware attack against food supplier JBS, which paid $11 million in Bitcoin to the attackers in exchange for the key required to decrypt the network. 

Garland said in November that Vasinskyi -- who went by the name "Rabotnik" online -- was one of the masterminds behind the REvil ransomware. The indictment shared by the DOJ said Vasinskyi has been part of the REvil ransomware gang since at least 2019 and has launched at least 2,500 attacks. 

The DOJ said he made $2.3 million from ransoms after demanding a total of more than $760 million.

He has been charged with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. He is facing a total of 115 years in prison if convicted of all counts. 

News of Vasinskyi's arrest in November was paired with the seizure of $6.1 million in funds traceable to alleged ransom payments received by 28-year-old Russian national Yevgeniy Polyanin. Polyanin was also charged for his involvement with Sodinokibi/REvil.

"The arrest of Yaroslav Vasinskyi, the charges against Yevgeniy Polyanin, and seizure of $6.1 million of his assets, and the arrests of two other Sodinokibi/REvil actors in Romania are the culmination of close collaboration with our international, US government, and especially our private sector partners," FBI Director Christopher Wray said at the time. 

"The FBI has worked creatively and relentlessly to counter the criminal hackers behind Sodinokibi/REvil."

Law enforcement officials from multiple countries were involved in disrupting the REvil ransomware gang, which went dark for the second time in October. Suspected members of the group were also detained following raids by Russia's Federal Security Service (FSB) in January. 

According to the US Department of Justice, in addition to the headlining attacks on Kaseya and JBS, REvil is responsible for deploying its ransomware on more than 175,000 computers. The group allegedly brought in at least $200 million from ransoms.
