REvil Suspect in Kaseya Hack Extradited to US


The extradition of a suspect in the Kaseya attack last year was announced on Wednesday by the U.S. Department of Justice. The 22-year-old man from Ukraine was extradited to the United States to face charges in connection with several cyberattacks, including the far-reaching Kaseya hack.

The suspected REvil member appeared in court on Wednesday in the Texas Northern District on charges of fraud, money laundering, and breaking into and damaging secure computers. If he is found guilty, the judge can impose a total of 115 years in prison.

Russian-based Hacking Group Attacks Kaseya

The attack took place in the summer of 2021 and kept authorities busy for months. Hackers had found a zero-day vulnerability in Kaseya’s VSA software. This is a program that Kaseya's customers use to remotely manage their own customers' computer systems and servers.

The vulnerability allowed the perpetrators to install Sodinokibi/REvil ransomware and attempt to extort money from victims. It is estimated that this happened at 800 to 1,500 companies in 17 countries.

The Department of Justice in the US stated that the Russian hacker group REvil — aka Sodinokibi — was responsible for the attack. The group demanded $70 million in ransom, to be paid in Bitcoin. The amount was never paid: Kaseya received the decryption key from an unknown party to disable the hostage-taking software.

Following this massive cyberattack, governments and law enforcement around the world clamped down on REvil, finally pushing the hackers offline for good.

The Investigation

In August 2021, investigative and law enforcement agencies tracked down Yaroslav Vasinskyi, the 22-year-old Ukrainian national. The FBI’s Dallas and Jackson Field Offices will continue to lead the investigation. Additionally, the Justice Department’s Office of International Affairs and the National Security Division’s Counterintelligence and Export Control Section are assisting in the investigation.

According to the U.S. Department of Justice, Vasinskyi is responsible for the ransomware attack against Kaseya. He ensured that the hostage-taking software ended up on the networks of Kaseya customers and files were placed under lock and key. Only when victims paid a ransom did they regain access to their data. If they did not, Vasinskyi threatened to sell the data to the highest bidder, officials said.

Vasinskyi was arrested in Poland, where he awaited extradition to the US. He was handed over to the Americans on Thursday, March 3.

The US Remains Committed to the Fight Against Hackers

“When I announced charges against members of the Sodinokibi/REvil ransomware group last year, I made it clear that the Department of Justice will spare no effort to track down and bring to justice transnational cybercriminals targeting the American people,” Attorney General Merrick B. Garland said of the case.

He promises that the U.S., along with international partners, will continue to identify, track and apprehend cybercriminals in order to seize their illegally obtained profits, and take them to court.

Security research coordinator
Kat is an IT security business consultant with experience in project management, process development, and leadership. She coordinates our team's research efforts in the field of cybersecurity, privacy, and censorship.