REvil member allegedly behind Kaseya attack extradited to US

midian182

What just happened? A Ukrainian national arrested in Poland last year who is alleged to be a key member of the notorious, Russia-linked REvil ransomware group has been extradited to the United States. Yaroslav Vasinskyi, 22, was arraigned in a Dallas federal court on Wednesday, where he is charged with computer hacking and fraud.

In October last year, it was reported that REvil accounted for a significant portion of Q2 2021 ransomware attacks, with government entities the biggest targets. Its best-known victim was Kaseya's VSA cloud-based system management platform, used for remote monitoring and IT management, in an attack that is thought to have impacted over 1,500 businesses. REvil was also behind the attacks on JBS, for which the world's biggest meat processor paid an $11 million ransom, and tech giant Acer.

REvil operates a ransomware-as-a-service plan in which it rents out the malware to other criminals for a cut of the victims’ ransom; at one point, those renting the ransomware complained REvil was stealing their ill-gotten gains. In January, Russia claimed to have shut the group down, arrested 14 members, and seized millions of dollars in cash and assets.

Vasinskyi was arrested in Poland on October 8, 2021, and brought to Dallas, Texas, on March 3. He is accused of accessing multiple victim firms' internal networks and installing REvil ransomware. The US Justice Department says he is responsible for the attack on Kaseya that exploited a zero-day bug.

The DOJ said Vasinskyi made $2.3 million from ransoms after demanding more than $760 million from companies infected by REvil’s ransomware. He faces a 115-year sentence if convicted.

“Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said U.S. deputy attorney general Lisa Monaco in a statement. “When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.”

h/t: TechCrunch
