Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware

A Ukrainian hacker has been sentenced to almost 14 years in prison for infecting thousands of victims with REvil ransomware and demanding over $700 million in ransom payments.

Yaroslav Vasinskyi, 24, was ordered to pay more than $16 million in restitution for his role in the REvil attacks, according to the statement by the U.S. Department of Justice. 

REvil, also known as Sodinokibi, is a notorious Russian-speaking ransomware gang that drew attention for targeting high-profile individuals including Lady Gaga and Donald Trump.

According to court documents, Vasinskyi, aka Rabotnik, in cooperation with other members of the group, hacked into over 2,000 computers around the world and encrypted them with ransomware. They then demanded over $700 million in ransom payments and threatened to publicly disclose victims’ data if they refused to comply.

Among other hacks, Vasinskyi was responsible for the attack on Florida-based software provider Kaseya in 2021. Used primarily by managed service providers (MSPs), Kaseya’s servers allowed the suspect to deploy the REvil ransomware inside the internal networks of thousands of companies across the world, which had hired the MSPs to provide remote IT management solutions.

The attack was devastating and led to a meeting of the White House National Security Council, talks between the Russian and U.S. president, and the shutdown of REvil’s infrastructure a week later.

Vasinskyi was detained by Polish authorities at a border station while crossing from Ukraine into Poland in 2021 and was extradited to the U.S. the following year. He later pleaded guilty to charges including fraud, damage to protected computers, and money laundering.

In 2023, the Justice Department secured the forfeiture of millions of dollars’ worth of ransom payments through two related civil cases. These cases involved almost 40 bitcoin and $6.1 million traceable to alleged ransom payments received by Vasinskyi and another alleged REvil member, Russian national Yevgeniy Polyanin. Vasinskyi and Polyanin were sanctioned by the U.S. Treasury Department in 2021.

“Vasinskyi’s sentence should serve as a reminder to ransomware actors everywhere: we will track you down and bring you to justice,” said Nicole M. Argentieri, head of the Justice Department’s Criminal Division.

“The FBI’s close collaboration with our worldwide partners has again ensured that a cybercriminal who thought he was beyond our reach faces the consequences of his actions,” said FBI Director Christopher Wray. 

“We will continue to relentlessly pursue cyber criminals like Vasinskyi wherever they may hide, while we disrupt their criminal schemes, seize their money and infrastructure, and target their enablers and criminal associates to the fullest extent of the law.”