Ukrainian hacker linked to REvil group extradited to the United States
A Ukrainian national, linked to the Russia-based REvil ransomware group (aka Sodinokibi), has been extradited to Texas to face US charges for his alleged role in conducting one of the most severe ransomware attacks against US targets, including Florida-based software provider Kaseya last July.
The 22-year-old Yaroslav Vasinskyi was arrested in Poland on October 8 and held until he was extradited and arraigned on Wednesday in a Dallas federal court to face accusations of fraud, money laundering, and file-encrypting malware attacks against several companies.
According to an August 2021 indictment, which was unsealed this week, Vasinskyi accessed the internal computer networks of several victim companies and deployed REvil ransomware to encrypt the data on their computers.
The Justice Department said the defendant hacked into Kaseya during the July 4 weekend last year via a supply chain attack that targeted 1,500 customers across the globe, encrypting their data and forcing hundreds of businesses to shut down for days. REvil demanded a bitcoin ransom in exchange for gaining back access to the locked files. REvil directly handled the ransom negotiations and split the profits with affiliates such as Vasinskyi.
The company obtained the universal decryption key to unlock their systems weeks after the Kaseya attack. The FBI obtained the key secretly and planned a takedown, but it never happened since the hackers vanished from the internet.
In October, the US government launched a multinational operation to find the gang offline, followed by arrests by Romanian and Russian authorities eight months after the ransomware attack on Kaseya. Vasinskyi was transported to Dallas by US law enforcement authorities on March 3. If Vasinskyi is convicted, he could face more than 100 years in prison.
The Russian-speaking REvil gang was once one of the most active and prolific ransomware groups, encrypting victims’ computers in exchange for frequently huge ransom demands. They offered ransomware-as-a-service, allowing affiliates to rent access to their infrastructure for a percentage of the profits. Last year, REvil was involved in an attack on JBS SA, the world’s largest meatpacker.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Securing the AI-Driven WorldSponsored by Checkpoint
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543