On November 8, 2021, the US Department of Justice announced the detention of 22-year-old Ukrainian Yaroslav Vasinskyi. He is accused of numerous ransomware attacks against US companies, including an attack against the tech company Kaseya, as stated in the official report of the agency.

  • The agency also announced the seizure of $6.1 million in ransomware payments that had previously been made by victims of the Sodinokibi/REvil attacks.
  • Another accused is 28-year-old Russian Yevgeniy Polyanin. According to the indictments, Vasinskyi and Polyanin accessed the internal computer networks of several victim companies and used Sodinokibi/REvil ransomware to encrypt the data on those companies' computers. They then demanded money in exchange for access to the data. In total, Vasinskyi managed to carry out approximately 2,500 ransomware attacks globally using Sodinokibi/REvil, while Polyanin was responsible for some 3,000 such attacks.
  • Vasinskyi has been taken into custody in Poland, where he remains held by authorities pending proceedings in connection with his requested extradition to the United States. Polyanin has been indicted. The department thanked the National Police of Ukraine and the Prosecutor General’s Office of Ukraine for their assistance. According to the agency, two other Sodinokibi/REvil actors have been arrested in Romania in cooperation with local law enforcement authorities.
  • Many agencies, particularly the FBI, were working to identify the hackers behind the Sodinokibi/REvil attacks. According to the agency, Vasinskyi has spent a lot of time hiding under different names to avoid identification.
  • In particular, he is accused of attacking the international IT company Kaseya in the summer of 2021. According to court documents, Vasinskyi used Sodinokibi/REvil malware to gain access not only to Kaseya’s network but also to that company’s end-user networks. The malware employed by the accused encrypted customer data, effectively locking affected clients around the world out of their own systems. About 1,500 businesses were affected during this attack. The total ransom demanded exceeded $70 million.
  • Vasinskyi and Polyanin are charged with fraud and money laundering. If convicted on all counts, they face maximum penalties of 115 and 145 years in prison, respectively.