REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison
An affiliate of the notorious REvil ransomware-as-a-service (RaaS) group has been sentenced to 13 years and seven months in prison by a US court.
The Ukrainian national Yaroslav Vasinskyi, also known as Rabotnik, aged 24, was also ordered to pay over $16m in restitution for his role in conducting over 2500 ransomware attacks and demanding over $700m in ransom payments from victims.
Vasinskyi had pleaded guilty in the Northern District of Texas to an 11-count indictment charging him with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering.
Court documents stated that Vasinskyi hacked into victim computers and deployed the REvil ransomware variant to encrypt their data, before demanding a payment in exchange for a decryption key.
These payments were demanded in cryptocurrency, with crypto exchanges and mixing services used to try and cover the tracks of these illicit funds.
REvil operators would publicly expose their victims’ data if the ransom demand was not met.
The sentencing of Vasinskyi follows a global law enforcement investigation that resulted in his extradition from Poland to the US to face charges.
FBI Director Christopher Wray said the conviction and sentencing of Vasinskyi demonstrates that the US has the capabilities to ensure cybercriminals will face consequences for their actions if they attack US organizations, wherever they are in the world.
“We will continue to relentlessly pursue cyber criminals like Vasinksyi wherever they may hide, while we disrupt their criminal schemes, seize their money and infrastructure, and target their enablers and criminal associates to the fullest extent of the law,” he commented.
Read here: Russian Man Handed Nine-Year Sentence for Hacking Scheme
REvil, a Successful Ransomware Operator
REvil was a Russia-based RaaS group linked to numerous high-profile attacks on critical infrastructure entities in the US in the period 2019-2021.
This included the attack on Colonial Pipeline in May 2021, which took the major East Coast fuel pipeline offline for several days.
Colonial subsequently paid the ransom demand, although the majority of these funds were successfully seized by the US government.
Meat processing giant JBS also admitted paying REvil an $11m ransom in June 2021 after being hit by the gang.
In January 2022, Russian authorities took down REvil’s infrastructure, arrested its members and seized their assets, effectively putting an end to its operations. However, many of the group’s affiliates are likely still active in the ransomware ecosystem.