Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison

Yaroslav Vasinskyi was sentenced to 13 years and seven months in prison for his alleged role in the REvil ransomware operation.

A Ukrainian national was sentenced to 13 years and seven months in prison in the US for his role in the REvil ransomware operation.

The man, Yaroslav Vasinskyi, 24, was arrested in Poland in October 2021, roughly four months after REvil, also known as Sodinokibi, was used in the massive attack on IT management software maker Kaseya, which impacted over 1,500 organizations. Vasinskyi was accused of being involved in the Kaseya attack. 

In March 2022, Vasinskyi was extradited to the US, where he had been charged with conspiracy to commit fraud, damage to protected computers, and conspiracy to commit money laundering. Vasinskyi pleaded guilty to the 11-count indictment.

According to court documents, Vasinskyi, also known as Rabotnik, launched over 2,500 attacks using the REvil ransomware, encrypting the data on victims’ computers, demanding a ransom from the victims in return for a decryption key, and laundering the proceeds using crypto exchanges and mixing services.

The Sodinokibi/REvil affiliates also stole victim data and used it for extortion, threatening to publish it online unless a ransom was paid. Vasinskyi and his co-conspirators allegedly demanded over $700 million in ransom payments from the victim organizations.

The US Department of Justice last year “obtained the final forfeiture of millions of dollars’ worth of ransom payments”, including 39 Bitcoin and $6.1 million in funds received by other members of the conspiracy.

In January 2022, Russia announced that it had cracked down on the REvil hacking group, that members of the ring had been charged, and that the group’s infrastructure had been liquidated, all at the request of the US.

New REvil implants continued to be seen months later, with some security researchers suggesting that the operation was likely returning, but that did not happen, at least not under the REvil name.

Advertisement. Scroll to continue reading.

Related: Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

Related: Moldovan Operator of Credential Marketplace Sentenced to US Prison

Related: LockBit Ransomware Affiliate Sentenced to Prison in Canada

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights