A Ukrainian citizen has been condemned to over 13 years behind bars and instructed to reimburse $16 million for executing numerous ransomware assaults and extorting victims.
Yaroslav Vasinskyi (also known as Rabotnik), aged 24, together with his collaborators linked to the REvil ransomware syndicate, coordinated more than 2,500 ransomware incidents and demanded ransom sums in cryptocurrency reaching over $700 million.
“The collaborators demanded cryptocurrency ransom payments and utilized cryptocurrency exchange services and blending facilities to obscure their unlawfully obtained profits,” declared the U.S. Department of Justice (DoJ).
“In order to escalate their ransom demands, Sodinokibi/REvil collaborators also publicly divulged their victims’ data when the victims refused to meet ransom demands.”
Vasinskyi was extradited to the U.S. in March 2022 subsequent to his apprehension in Poland in October 2021. REvil, before officially ceasing operations in late 2021, was accountable for a sequence of prominent assaults on JBS and Kaseya.
He had previously admitted guilt in the Northern District of Texas to an 11-count indictment charging him with conspiracy to perpetrate fraud and associated activities related to computers, destruction of safeguarded computers, and conspiracy to execute money laundering.
The Justice Department further mentioned that it had secured the conclusive forfeiture of millions of dollars’ value of ransom payments secured through two associated civil forfeiture lawsuits in 2023. This includes 39.89138522 Bitcoin and $6.1 million in U.S. dollar funds, which have been tracked back to purported ransom payments obtained by other members of the conspiracy.
Vasinskyi, along with Russian citizen Yevgeniy Polyanin, was subjected to sanctions by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) in November 2021 as part of broader government-wide initiatives to counter ransomware.
This development unfolds weeks after the DoJ indicted a 37-year-old Moldovan citizen, Alexander Lefterov (also known as Alipako, Uptime, and Alipatime), for managing a botnet encompassing thousands of compromised computers across the U.S. from March 2021 through November 2021, which were then monetized by vending the access to other threat actors for disseminating malware, including ransomware.
“Lefterov and his co-conspirators filched victims’ login credentials—namely, usernames and passwords—from the infected computers and then utilized the credentials to access victim accounts at financial institutions, payment processors, and retail outlets as a method to pilfer money from the victims,” the agency detailed.
Legal documents reveal that the compromised computers could be accessed directly using a concealed virtual network computing (hVNC) server without the victims’ awareness, thereby enabling Lefterov et al to log in to their online accounts.
