US Courts Sentenced REvil Ransomware Mastermind for $700 Million Extortion

Today, the US government announced a nearly 14 years in prison sentence for Yaroslav Vasinskyi, a Ukrainian citizen, for orchestrating a series of ransomware attacks.

Vasinskyi must also pay over $16 million in restitution as part of his sentencing. The restitution reflects the severity of his cybercrimes, which demanded over $700 million in ransom payments.

Global Collaboration Key to Thwarting REvil’s Ambitions

Vasinskyi, who used the alias Rabotnik, was a key player in deploying the notorious Sodinokibi/REvil ransomware. This malware encrypts data on victim computers worldwide. Moreover, it leveraged the decryption keys to extort massive sums, predominantly in cryptocurrency.

Among the high-profile targets of REvil was Miami-based software provider Kaseya. Following their attack on the company, the group requested $70 million in Bitcoin (BTC).

Read more: Top 5 Flaws in Crypto Security and How To Avoid Them

Attorney General Merrick B. Garland emphasized the significance of this sentencing. He also highlights the collaborative efforts of international law enforcement agencies to bring cybercriminals like Vasinskyi to justice.

“As this sentencing shows, the Justice Department is using all tools at our disposal … to capture illicit profits and hold perpetrators accountable,” Garland said.

One notable instance of this international cooperation occurred in March 2022. At that time, Russian authorities raided REvil operatives at the behest of the US. Specifically, in Vasinskyi’s case, the Justice Department’s Office of International Affairs worked with Polish authorities to secure his extradition.

Furthermore, FBI Director Christopher Wray shared insights into the cooperative efforts that led to Vasinskyi’s capture. He also affirmed the FBI’s ongoing commitment to dismantling the infrastructure and networks that support such cybercriminal activities.

“We will continue to relentlessly pursue cyber criminals like Vasinksyi wherever they may hide, while we disrupt their criminal schemes, seize their money and infrastructure, and target their enablers and criminal associates to the fullest extent of the law,” Wray noted.

Vasinskyi’s operations involved over 2,500 ransomware attacks, crippling thousands of computers globally. These acts jeopardized the data integrity of affected systems and posed severe financial threats to the victims, ranging from private individuals to large corporations. When the victims had yet to pay the ransom, Vasinskyi and his accomplices did not hesitate to release sensitive data.

The proceedings against Vasinskyi culminated in his guilty plea to an 11-count indictment in the Northern District of Texas. This indictment included conspiracy charges to commit fraud and money laundering, among others.

This development came after the FBI issued a joint warning about Akira ransomware. The group is responsible for attacks on over 250 businesses and critical infrastructure entities since March 2023. The attacks have primarily occurred in North America, Europe, and Australia.

As of January 1, 2024, the Akira group has amassed an estimated $42 million in ransom payments. Furthermore, the group would ask its victim to pay the ransoms in Bitcoin, sending them to provided crypto wallet addresses.

Read more: Top Cryptocurrency Scams in 2024

Total Value Received by Ransomware Attackers (2019 – 2023). Source: Chainalysis

Separately, a Chainalysis report from February 2024 reveals that ransomware attacks intensified in 2023, with victims extorted to $1 billion. This further highlights the growing cyber threat organizations are facing and the need to step up their cyber defenses.