Alleged REvil suspect extradited on ransomware spree charges
Little doubt about US federal court outcome
A Ukrainian national alleged to be a member of the REvil ransomware gang has been extradited to the US and charged with multiple criminal offences.
Yaroslav Vasinskyi, 22, was charged in the US District of Northern Texas with carrying out ransomware attacks against 10 US-based organisations. The indictment [PDF] was unsealed last night.
According to the unsealed complaint, prosecutors say he co-authored the Sodinokibi ransomware variant, as deployed by the infamous REvil crew.
The US Department of Justice alleged the Ukrainian used a variety of online nicknames including Profcomserv, Robitnik and Yarik45.
Prosecutors also alleged that he "accessed the internal networks" of REvil's targets to deploy Sodinokibi during July 2021.
Vasinskyi was arrested on Poland's border with Ukraine last year. (Poland has a US extradition treaty.) Before his extradition, the US DoJ boasted of seizing $6.1m worth of ransomware payments (valued in November 2021). The suspect was transported to the US, having lost his bid to block extradition, on 3 March – just days after Russia's invasion of Ukraine.
So far there is no fresh news about Vasinskyi's co-accused, Russian national Yevgeniy Polyanin, 28, also alleged to be part of the REvil gang. The two were arrested by Ukrainian police with direct involvement from UK and US law enforcement agencies.
Before the Russian invasion of Ukraine, arrests of alleged ransomware criminals were already increasing. Authorities in Ukraine made steady progress over the last year and the early part of this year in identifying and nicking suspects. Naturally, the Russian invasion means that has all come to an end as Ukrainians, honest and dodgy alike, fight for their country's survival.
Russia itself arrested 14 members of REvil in mid-January, a month before its invasion of Ukraine and heavy sanctioning by the West.
At the time, onlookers attributed the move to personal pleas made by US president Joe Biden to Russian leader Vladimir Putin last year.
It seems like a safe bet that those Russian suspects won't be extradited to Western countries any time soon. A cynic may wonder if their skills will be co-opted by Russia's intelligence agencies and the charges quietly dropped in return.
While the outcome of federal trials in the US is almost always a conviction – the country's prosecutors boast of a 99 per cent conviction rate at trial, bolstered by widely condemned plea-bargaining tactics – if Vasinskyi truly is a member of REvil and co-authored Sodinokibi, few tears will be shed on his behalf. ®