Yaroslav Vasinskyi, a 24-year-old Ukrainian national known as “Rabotnik,” was sentenced to 13 years and seven months in prison for his role in a large-scale Sodinokibi/REvil ransomware operation that responsible for thousands of ransomware attacks, collectively demanding a sum exceeding $700 million in ransom payments.
According to the authorities, Vasinskyi was the REvil affiliate, taking part in more than 2,500 ransomware attacks on organizations across the world, including the infamous July 2021 supply chain hack of US-based IT solutions developer Kaseya that affected thousands of companies, government bodies and other entities across the globe.
In the Kaseya ransomware hack the attackers exploited authentication bypass vulnerability (CVE 2021-30116) in Kaseya VSA servers, which allowed them allowed to circumvent authentication controls and executive commands via SQL injection. In addition to compromising Kaseya's customer database, the threat actors also targeted several of Kaseya's clients by pushing out the ransomware payload within a seemingly harmless software update.
In November 2021, Vasinskyi was arrested in Poland and extradited to the US where he pleaded guilty to multiple charges, including damage to protected computers and money laundering. Along with Vasinskyi, was indicted another REvil affiliate, Yevgeniy Polyanin,a Russian national. The authorities seized $6.1 million in funds traceable to alleged ransom payments received by Polyanin.
Besides the prison sentence, Vasinskyi was ordered to pay over $16 million in restitution for the damages incurred by his malicious activities.