What just happened? In another example of why (cyber)crime doesn’t pay, a Ukrainian hacker has been sentenced to 13 years and seven months in prison and ordered to pay $16 million over his involvement with the REvil ransomware group. Yaroslav Vasinskyi (aka Rabotnik) played a role in more than 2,500 ransomware attacks that cost targeted organizations and individuals more than $700 million.
Vasinskyi conducted thousands of ransomware attacks using the Sodinokibi/REvil ransomware, encrypting victims’ systems and demanding payments in return for the decryption key.
Vasinskyi and his co-conspirators also used double-extortion tactics: stealing data from the systems they encrypted, allowing them to further blackmail any victims who refused to pay up by threatening to post their sensitive information online.
“Deploying the REvil ransomware variant, the defendant reached out across the globe to demand hundreds of millions of dollars from US victims,” deputy attorney general Lisa Monaco said in a statement.
Vasinskyi, 24, was arrested on Poland’s border with Ukraine on October 8, 2021, and extradited to Dallas, Texas, in March 2022. He pleaded guilty to an 11-count indictment charging him with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering.
The Justice Department writes that in 2023, it obtained the final forfeiture of millions of dollars’ worth of ransom payments. The forfeiture included 39.89138522 Bitcoin, valued at approximately $2.3 million, and $6.1 million that was traced to ransomware payments made to Vasinskyi and another REvil ransomware gang member, Yevgeniy Polyanin.
One of REvil’s best-known crimes was perpetrated against Kaseya’s VSA cloud-based system management platform – used for remote monitoring and IT management. The 2021 attack, which exploited a zero-day bug, is thought to have impacted over 1,500 businesses, hitting everything from pharmacies to gas stations.
REvil was also behind the attacks on JBS, for which the world’s biggest meat processor paid an $11 million ransom, and tech giant Acer.
REvil operates a ransomware-as-a-service plan in which it rents out the malware to other criminals for a cut of the victims’ payments. At one point, those renting the malware complained that REvil was stealing their ransoms.