Yaroslav Vasinskyi (22) is believed to be part of the REvil Ransomware gang that was behind multiple ransomware attacks against the United States including the Kaseya supply chain attack.

A Ukrainian national has been charged over ransomware attacks against American firms, including the devastating attack on the Florida-based software vendor Kaseya in July 2021, for which the group had demanded a ransom of a whopping $70 million. The accused’s trial has now begun in the Northern District of Texas.

Trial for Kaseya Attacker Begins

The 22-year-old Yaroslav Vasinskyi from Ukraine is now facing trial in the USA. As per the US Department of Justice (DoJ), the accused accessed the internal computer networks of multiple companies and deployed REvil (also known as Sodinokibi) ransomware to encrypt data.


Vasinskyi was named in a court indictment in August 2021 for carrying out some of the most devastating ransomware attacks against US companies, and he was extradited to the USA. He was presented before the court on Wednesday.

In October 2021, the accused was arrested in Poland and transported to Dallas, Texas, in March. Authorities seized US$6 million from him at the time of arrest, which officials claim was collected from ransom payments.

Accused Responsible for Attacks on Kaseya

According to the DoJ’s press release published March 9th, 2022, Vasinskyi breached Kaseya’s internal networks over the July 4th weekend in 2021. Along with his accomplices, the accused distributed REvil ransomware to at least 1,500 Kaseya customers, encrypted their data, and even forced shutdowns of their systems that lasted for days.

The accused allegedly left notes in a text file on the victims’ computers, which included a web address that redirected the victims to a Tor network URL to recover their files after paying the ransom in virtual currency. The decryption key was sent only to those who paid the ransom, while those who didn’t were punished by having the stolen data either leaked online or sold to third parties.

Though the 1,500 impacted businesses felt a limited threat, the disruption of services was most severe in regions like Sweden and New Zealand, where hundreds of supermarkets remained closed because their cash registers were rendered inoperable and schools/kindergartens went offline.

Press conference by The Justice Department on Nov 8, 2021, announcing arrests and charges against 2 Sodinokibi/REvil ransomware operators including Yaroslav Vasinskyi


DoJ Won’t Spare “Transnational” Cybercriminals

Attorney General Merrick B. Garland stated that the DoJ has pledged to “spare no resources” in bringing transnational cybercriminals to justice and making them repent targeting the American people.

The United States, alongside our international partners, will continue to swiftly identify, locate, and apprehend alleged cybercriminals, capture their illicit profits, and bring them to justice. When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.

Deputy Attorney General Lisa O. Monaco

Vasinskyi is charged with conspiring to commit fraud and other computer-related activities, causing damage to protected computers, and money laundering. If convicted on all charges, the defendant faces up to 115 years in prison.

Posted by Charlie