An affiliate of the REvil ransomware group, Yaroslav Vasinskyi, known as Rabotnik, received a 13-year and seven-month prison sentence from a US court.
This ruling followed his conviction for orchestrating over 2500 ransomware attacks, demanding a staggering $700 million in ransom payments, and inflicting significant damage on protected computers.
Vasinskyi’s modus operandi involved hacking into victim computers and deploying the REvil ransomware variant to encrypt their data. He would then demand payments in cryptocurrency in exchange for a decryption key. To cover his tracks, Vasinskyi utilized crypto exchanges and mixing services to obscure the flow of illicit funds.
Legal Proceedings
In the Northern District of Texas, Vasinskyi pleaded guilty to 11 counts, including conspiracy to commit fraud, damaging computers, and money laundering. His guilty plea and subsequent sentencing followed a thorough global law enforcement investigation.
FBI Director Christopher Wray said the conviction and sentencing of Vasinskyi demonstrate that the US has the capabilities to ensure cybercriminals will face consequences for their actions if they attack US organizations, wherever they are in the world.
“We will continue to relentlessly pursue cyber criminals like Vasinskyi wherever they may hide, while we disrupt their criminal schemes, seize their money and infrastructure, and target their enablers and criminal associates to the fullest extent of the law,” he commented.
Impact of REvil
The REvil ransomware group, based in Russia, gained notoriety for its high-profile attacks on critical infrastructure entities in the United States between 2019 and 2021. These attacks included the infamous breach of Colonial Pipeline in May 2021, which disrupted major fuel supplies along the East Coast. Another significant target was JBS, a meat processing giant, which admitted paying an $11 million ransom to REvil after falling victim to the group’s attacks.
While Russian authorities dismantled REvil’s infrastructure and arrested its members in January 2022, the repercussions of its operations continue to reverberate. Despite the takedown, affiliates of the group may still be active in the ransomware ecosystem, posing ongoing threats to cybersecurity worldwide.