REvil Ransomware Hacker Gets 13-year Sentence

  • A 24-year-old Ukrainian national has received a 13-year sentence for deploying the REvil ransomware in over 2,500 attacks
  • Yaroslav Vasinskyi, also known as Rabotnik, used the Sodinokibi/REvil variant to encrypt data on thousands of computers
  • He demanded over $700 million in cryptocurrency ransom payments, using various methods to conceal the proceeds

A 24-year-old Ukrainian national has been handed a 13-year sentence for deploying the devastating REvil ransomware and using it in over 2,500 attacks. Yaroslav Vasinskyi, known online as Rabotnik, utilized the Sodinokibi/REvil ransomware variant to encrypt data on thousands of victim computers, aiming to extort hefty ransom payments. Vasinskyi and his associates demanded over $700 million in cryptocurrency ransom payments, employing cryptocurrency exchangers and mixing services to conceal their profits.

$700 Million Demanded

Vasinskyi and his fellow hackers planted the REvil malware on thousands of computers in a spree lasting more than five years, encrypting data and rendering it inaccessible until a ransom was paid. The gang demanded astronomical sums exceeding $700 million in cryptocurrency from their victims, employing sophisticated tactics to conceal their ill-gotten gains. To add pressure on their targets, they resorted to publicly disclosing sensitive data when ransom payments were not forthcoming.

Vasinskyi was arrested in November 2021 in relation to the ransomware attack on Miami-based IT company Kaseya on July 2, 2021, which triggered the dissemination of REvil ransomware to “endpoints” across Kaseya customer networks. This resulted in the encryption of data on computers belonging to organizations worldwide that utilized Kaseya software.

The defendants purportedly embedded electronic notes in the form of text files on the victims’ computers following the deployment of Sodinokibi/REvil ransomware. These notes contained a web address directing victims to an open-source privacy network known as Tor, along with a link to a publicly accessible website where they could initiate file recovery.

Upon accessing either website, victims were presented with a ransom demand and provided with a virtual currency address for payment. Compliance with the ransom demand typically resulted in the defendants providing the decryption key, allowing victims to regain access to their files. However, failure to pay often led to the defendants either publicly disclosing the stolen data or claiming to have sold it to third parties, leaving victims unable to retrieve their files.
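The ransom notes described above are also what a defender can look for: identical small text files, pointing victims to a Tor .onion address, dropped into many directories at once. The triage script below is an added example (not from this article or from any REvil sample); the note text, the placeholder .onion address and the keyword list are all constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile
from collections import defaultdict

# Tor onion hostnames are base32 (a-z, 2-7): 16 chars for v2, 56 for v3.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)
KEYWORDS = ("decrypt", "ransom", "your files", "tor browser", "bitcoin", "monero")

def looks_like_ransom_note(text: str) -> bool:
    """Flag text that names a .onion site and uses two or more extortion phrases."""
    lower = text.lower()
    hits = sum(1 for word in KEYWORDS if word in lower)
    return bool(ONION_RE.search(text)) and hits >= 2

def scan_tree(root: str, max_size: int = 64 * 1024) -> dict:
    """Map sha256(note text) -> sorted paths of matching small text files under root.
    The same note repeated in many directories is the ransomware signature."""
    notes = defaultdict(list)
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".txt", ".html", ".hta")):
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_size:  # ransom notes are small
                    continue
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            if looks_like_ransom_note(text):
                notes[hashlib.sha256(text.encode()).hexdigest()].append(path)
    return {digest: sorted(paths) for digest, paths in notes.items()}

# Constructed sample note; the .onion address is a placeholder, not a real site.
CONSTRUCTED_NOTE = ("Your files are encrypted. Install Tor Browser and open\n"
                    "http://abcdefghijklmnop.onion/ to decrypt them. Pay in Bitcoin.\n")

def demo() -> int:
    """Drop the note into three user folders plus one benign text file, scan,
    and return how many directories received the identical note."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("Documents", "Pictures", "Desktop"):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "readme.txt"), "w") as fh:
                fh.write(CONSTRUCTED_NOTE)
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("Grocery list and a bitcoin article to read later.\n")
        return max((len(p) for p in scan_tree(root).values()), default=0)
```

Run `scan_tree` against a user profile or file share; a single digest mapped to dozens of directories is the pattern worth escalating, while a lone match is usually a false positive.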

Ransomware Clampdown Led to Arrest

Other notable attacks using this malware hit Travelex in 2020 and meat giant JBS in 2021; the latter came after Colonial Pipeline paid $4.5 million to regain access to its computers (85% of which was recovered). This led to US President Joe Biden calling for a clampdown on such activities.

Vasinskyi was sentenced to 13 years and seven months in prison and ordered to pay over $16 million in restitution.
