2 May 2024

REvil hacker sentenced to 13 years for $700M ransomware spree


REvil hacker sentenced to 13 years for $700M ransomware spree

Yaroslav Vasinskyi, a 24-year-old Ukrainian national known as “Rabotnik,” was sentenced to 13 years and seven months in prison for his role in a large-scale Sodinokibi/REvil ransomware operation that responsible for thousands of ransomware attacks, collectively demanding a sum exceeding $700 million in ransom payments.

According to the authorities, Vasinskyi was the REvil affiliate, taking part in more than 2,500 ransomware attacks on organizations across the world, including the infamous July 2021 supply chain hack of US-based IT solutions developer Kaseya that affected thousands of companies, government bodies and other entities across the globe.

In the Kaseya ransomware hack the attackers exploited authentication bypass vulnerability (CVE 2021-30116) in Kaseya VSA servers, which allowed them allowed to circumvent authentication controls and executive commands via SQL injection. In addition to compromising Kaseya's customer database, the threat actors also targeted several of Kaseya's clients by pushing out the ransomware payload within a seemingly harmless software update.

In November 2021, Vasinskyi was arrested in Poland and extradited to the US where he pleaded guilty to multiple charges, including damage to protected computers and money laundering. Along with Vasinskyi, was indicted another REvil affiliate, Yevgeniy Polyanin,a Russian national. The authorities seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin.

Besides the prison sentence, Vasinskyi was ordered to pay over $16 million in restitution for the damages incurred by his malicious activities.

Back to the list

Latest Posts

American Water shuts down online services after cyberattack

American Water shuts down online services after cyberattack

The company said that its core operations, particularly the safety of water and wastewater services, were not compromised.
8 October 2024
Raccoon MaaS operator pleads guilty in the US

Raccoon MaaS operator pleads guilty in the US

Mark Sokolovsky faces charges including computer hacking, fraud, identity theft, and money laundering.
8 October 2024
MoneyGram confirms hackers stole customer data

MoneyGram confirms hackers stole customer data

The impacted data included names, contact information, national identification numbers, Social Security numbers, and other information.
8 October 2024