Alleged Kaseya Attacker Extradited to US

A Ukrainian man has been extradited to the United States to face criminal charges connected with the deployment of REvil Ransomware, also known as Sodinokibi.

Yaroslav Vasinskyi is accused of orchestrating ransomware attacks against multiple commercial targets in America. Alleged victims of the 22-year-old include the multi-national information technology software company Kaseya, which was hit in July 2021.

“In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to endpoints on Kaseya customer networks,” stated the Department of Justice’s Office of Public Affairs.

“After the remote access to Kaseya endpoints was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software.”

On the computers of his alleged victims, the defendant allegedly left a text file containing a ransom demand and a cryptocurrency address to which to send a ransom payment. Victims were offered a decryption key in exchange for the payment.

When a victim refused to comply with the ransom demand, Vasinskyi allegedly published data that he had stolen from them online or sold the stolen data to third parties. 

The defendant, whom US prosecutors allege has links to a ransomware gang connected with threat actors based in Russia, was taken into custody in Poland in October 2021.  Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *