REvil member accused of Kaseya ransomware attack arraigned in Texas
The Justice Department extradited and arraigned a member of the REvil ransomware group accused of conducting multiple ransomware attacks, including the July attack against Florida-based IT and security firm Kaseya.
Yaroslav Vasinskyi, 22, is one of two REvil members the Justice Department indicted for the attack in August 2021. U.S. officials announced charges against Vasinskyi and Russian national Yevgeniy Polyanin in November.
Vasinskyi was arrested on Oct. 8 in Poland and held there before extradition to the United States. When authorities announced his arrest, they also announced the seizure of $6.1 million in funds traced to ransomware payments from the attacks. He made his initial appearance in a Texas court on Wednesday, where he was arraigned.
Vasinskyi allegedly deployed malicious code belonging to the REvil ransomware gang (also referred to as Sodinokibi) through a Kaseya product, leading it to spread to customer computers. Vasinskyi left victims a ransom demand for virtual currency in exchange for a key to decrypt their files.
The attack on Kaseya led to the breaches of more than 1,500 of the company’s clients, including schools in New Zealand, a major Swedish grocery chain and two Maryland towns. Three weeks after the attack, the FBI provided Kaseya a decryption key to help hundreds of victims to recover their files.
“When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear that the Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people,” Attorney General Merrick Garland said in a statement. “That is exactly what we have done. The United States, alongside our international partners, will continue to swiftly identify, locate, and apprehend alleged cybercriminals, capture their illicit profits, and bring them to justice.”
The FBI also accuses REvil of being behind a May attack on meat supplier JBS. Between April 2019 and June 2021, REvil affiliates generated some $200 million in ransomware payments in the U.S. and elsewhere, according to the FBI. The FBI seized a separate $2.3 million worth of cryptocurrency from a hacker affiliated with the REvil ransomware gang in August.
Vasinskyi faces 115 years in prison on charges of computer fraud, conspiracy to commit money laundering and damage to protected computers.