REvil hacker accused of Kaseya ransomware attack arrested and extradited to the US
An alleged key member of the REvil ransomware group, who federal authorities say is responsible for the Kaseya hack that encrypted thousands of its customers' networks, has been arrested and extradited to Texas to face U.S. charges.
Ukrainian national Yaroslav Vasinskyi, 22, was arrested in Poland on October 8 and held until he was extradited and arraigned on Wednesday in a Dallas federal court to face accusations of computer hacking and fraud, according to an indictment filed in August but unsealed this week.
For a time, the REvil gang (also known as Sodinokibi) was one of the most active and prolific ransomware groups, encrypting the computers of victims in exchange for often hefty ransom demands. The Russian-speaking ransomware-as-a-service operation allows affiliates to rent access to their infrastructure in return for a cut of the profits. Since it first emerged, the group caused food production delays following an attack on meat processing plant JBS and leaked private information from companies like computer maker Acer and energy giant Invenergy.
But it was the attack on IT and network monitoring software company Kaseya that drew the most attention after the ransomware spread downstream to thousands of its customers' networks, prompting the U.S. government to launch a $10 million bounty for information that would bring the hackers to justice.
Weeks after the Kaseya attack, the company obtained the universal decryption key to allow its customers to skirt millions of dollars' worth of ransom payments to unlock their systems. According to The Washington Post, the FBI secretly obtained the key and was planning a takedown, which never happened, after the hackers vanished from the internet a short time after it was blamed for the Kaseya attack.
By October, the U.S. government said it was behind a multinational effort to force the gang offline, followed by arrests by Romanian and Russian law enforcement, which saw the group largely dismantled and millions of cash and cryptocurrency seized.
“Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said U.S. deputy attorney general Lisa Monaco in a statement. “When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.”
Vasinskyi is one of two alleged REvil members that have been charged by U.S. prosecutors in relation to the Kaseya attack; the second is Russian national Yevgeniy Polyanin, 28.
Vasinskyi faces over 100 years in jail if convicted.