What just happened? A Ukrainian national arrested in Poland last year who is alleged to be a key member of the notorious, Russia-linked REvil ransomware group has been extradited to the United States. Yaroslav Vasinskyi, 22, was arraigned in a Dallas federal court on Wednesday, where he is charged with computer hacking and fraud.
In October last year, it was reported that REvil accounted for a significant portion of Q2 2021 ransomware attacks, with government entities the biggest targets. Its best-known victim was Kaseya's VSA cloud-based system management platform, used for remote monitoring and IT management; that attack is thought to have impacted over 1,500 businesses. REvil was also behind the attacks on JBS, for which the world's biggest meat processor paid an $11 million ransom, and tech giant Acer.
REvil operates a ransomware-as-a-service plan in which it rents out the malware to other criminals for a cut of the victims' ransom; at one point, those renting the ransomware complained REvil was stealing their ill-gotten gains. In January, Russia claimed to have shut the group down, arrested 14 members, and seized millions of dollars in cash and assets.
Catalin Cimpanu (@campuscodi), January 14, 2022: "Below is a video of the FSB's REvil raids pic.twitter.com/Oh7Ef2GpQO"
Vasinskyi was arrested in Poland on October 8, 2021, and brought to Dallas, Texas, on March 3. He is accused of accessing multiple victim firms' internal networks and installing REvil ransomware. The US Justice Department says he is responsible for the attack on Kaseya that exploited a zero-day bug.
The DOJ said Vasinskyi made $2.3 million from ransoms after demanding more than $760 million from companies infected by REvil's ransomware. He faces a 115-year sentence if convicted.
"Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice," said U.S. deputy attorney general Lisa Monaco in a statement. "When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be."