REvil hacker behind Kaseya ransomware attack gets 13 years in prison

Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation.

According to the U.S. Department of Justice, Vasinskyi, also known by his alias "Rabotnik," was involved in over 2,500 REvil (Sodinokibi) attacks demanding ransom payments surpassing $700 million.

The cybercriminal and his co-conspirators engaged in double extortion, where they stole corporate data and then threatened to leak it publicly if the victim did not pay a ransom.

"Yaroslav Vasinskyi and his co-conspirators hacked into thousands of computers around the world and encrypted them with ransomware," stated Nicole M. Argentieri, head of the Justice Department's Criminal Division.

"Then they demanded over $700 million in ransom payments and threatened to publicly disclose victims' data if they refused to pay."

Vasinskyi was arrested in October 2021 while trying to enter Poland and was charged with conspiracy to commit fraud, intentional damage to a protected computer, and conspiracy to commit money laundering.

Law enforcement linked the long-term REvil affiliate to the Kaseya supply-chain ransomware attacks, which impacted over 1,500 companies worldwide.

At the time, REvil affiliates leveraged a zero-day flaw in Kaseya VSA, a remote monitoring and management (RMM) software used primarily by managed service providers (MSPs).

This flaw allowed the threat actors to simultaneously push encryptors to thousands of companies, causing one of the largest ransomware incidents in history.

In March 2022, the cybercriminal was extradited to the United States to stand trial for his actions, including at least nine confirmed ransomware attacks against U.S.-based organizations.

The maximum potential sentence for all counts was 115 years in prison plus forfeiture of all property and financial assets.

The 24-year-old ransomware affiliate subsequently pleaded guilty to the 11-count indictment and was sentenced to roughly a tenth of the maximum sentence by the Northern District of Texas court. Vasinskyi will also have to pay $16,000,000 in restitution.

The U.S. DoJ announcement also highlighted the seizure of another 39.89138522 Bitcoin and $6.1 million related to ransom payments and operations indirectly linked to Vasinskyi.

REvil was one of the most successful ransomware operations in recent history, reaching its peak in 2021 with the Kaseya MSP supply-chain attack, a $50 million ransom demand from computer maker Acer, and blueprint leaks of unreleased upcoming Apple devices.

The ransomware-as-a-service shut down in October 2021 following the hijacking of its Tor sites and increased law enforcement efforts in Russia, eventually leading to several arrests a couple of months later.