In early May, a Ukrainian citizen, Yaroslav Vasinskyi, was sentenced to 13 years in prison and ordered to pay $16 million in compensation for carrying out a large number of malware attacks.
Vasinskyi (aka Rabotnik), 24, orchestrated more than 2,500 attacks as part of the hacker group REvil, using the Sodinokibi/REvil ransomware, which encrypted victims’ systems and demanded huge payments in cryptocurrency for the decryption keys.
Vasinskyi and his accomplices also used a double extortion tactic: stealing data from encrypted systems, which allowed them to further blackmail victims who refused to pay by threatening to post their confidential information online.
“The co-conspirators demanded cryptocurrency ransoms and used cryptocurrency exchanges and mixer services to hide their illicitly gained proceeds. The Sodinokibi/REvil hackers also publicly disclosed their victims’ data when they were unwilling to pay ransoms,” the U.S. Department of Justice (DoJ) said in a statement.
In March 2021, REvil encrypted Acer’s files and demanded that the corporation pay $50 million in Monero cryptocurrency. In April of the same year, the group attacked Apple’s main supplier – Quanta Computer. In June, REvil victimized the world’s largest meat processing company, JBS, which paid the hackers a ransom of $11 million in bitcoins. In July, REvil hacked Kaseya, demanding $50 million.
Vasinskyi was extradited to the U.S. in March 2022 after being arrested in Poland in October 2021. The hacker previously pleaded guilty to 11 charges, including conspiracy to defraud and related activities, damaging protected computers, and conspiracy to commit money laundering.
The Justice Department said it also secured the final forfeiture of millions of dollars in ransom payments from two related civil cases in 2023. This includes payments of 39.89138522 bitcoins and $6.1 million in ransoms allegedly received by the criminal group.
In late October, it was reported that U.S. intelligence agencies, with the support of a “foreign partner,” hacked into the servers of the REvil hacking group. After the hack, the scammers were forced to stop their activities and disappear from the darknet.
Official press release of the US Department of Justice: https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme