Ukraine Hacker Linked to REvil Ransomware Group Extradited to United States

Yaroslav Vasinskyi, 22, was the person responsible for conducting a ransomware attack against Kaseya in July 2021. Kaseya is an IT software company that provides various products to customers for administration and remote troubleshooting purposes. In August 2021, charges were filed against him for infiltrating the computer networks of several victim companies and deploying Sodinokibi/REvil ransomware to encrypt critical data.

Attorney General Merrick B. Garland said, “When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear that the Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people. That is exactly what we have done.

The United States, alongside our international partners, will continue to swiftly identify, locate, and apprehend alleged cybercriminals, capture their illicit profits, and bring them to justice.”

According to the indictment, Vasinskyi is held responsible for attacking Kaseya on July 2, 2021. He deployed the REvil ransomware code in one of Kaseya’s products, which resulted in the spread of ransomware to many of Kaseya’s customers.

Once the Kaseya product carrying the ransomware code is installed on a customer's computer, it encrypts all the files on the system and leaves a note providing a web address to a Tor website and another publicly accessible website. Both websites provide information on how much ransom must be paid to get the decryption key.

If the victim pays the ransom, the decryption key is provided. If not, the files remain encrypted forever. Following these activities, Vasinskyi is charged with computer fraud, damage to protected computers and money laundering. If the verdict is against him, he will face a prison sentence of 115 years. Vasinskyi is reported to have connections to a ransomware group in Russia.

“Vasinskyi, a Ukrainian national with ties to a ransomware group linked to Russia-based actors, was taken into custody in Poland where he remained held by authorities pending proceedings in connection with his requested extradition to the United States, pursuant to the extradition treaty between the United States and the Republic of Poland. Vasinskyi was transported to Dallas by U.S. law enforcement authorities where he arrived on March 3. He made his initial court appearance and was arraigned today in the Northern District of Texas.”

Several law enforcement agencies were involved in this operation, “including Romania’s National Police and the Directorate for Investigating Organised Crime and Terrorism; Canada’s Royal Canadian Mounted Police; France’s Court of Paris and BL2C (anti-cybercrime unit police); the Dutch National Police; Poland’s National Prosecutor’s Office, Border Guard, Internal Security Agency, and Ministry of Justice; and the governments of Norway and Australia provided valuable assistance.”

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.