Ukrainian Hacker Yaroslav Vasinskyi Extradited to the United States

Yaroslav Vasinskyi is facing charges in the US for using REvil malware in attacks against American companies, including an attack against US software company Kaseya.

On March 3, 2022, Ukrainian hacker and REvil member Yaroslav Vasinskyi was extradited to the United States, where he will face trial in Texas for his role in ransomware attacks against American companies. A statement by the U.S. Department of Justice (DOJ) reads: “Vasinskyi is charged with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering.” If he is found guilty, he could face up to 115 years in prison.

According to the indictment released last July by the DOJ, Vasinskyi has been part of REvil since at least 2019 and has launched around 2,500 attacks. Among these attacks is the July 2021 ransomware attack on the American software firm Kaseya.

The Kaseya ransomware attack

Kaseya is a Florida-based company that primarily helps small to medium businesses (SMBs) across the world manage networks, systems, and information technology infrastructure.

Logo for the US software company Kaseya, which was hacked July 2021.

Kaseya’s services are managed remotely by Kaseya Virtual Storage Appliance (VSA), which allows customers to use virtual machines for storage instead of buying hardware. On July 2, 2021, unusual behavior on the endpoints of clients’ networks was reported to Kaseya: it turned out hackers had found a way to bypass the authentication of the VSA and distribute REvil ransomware through the hosts managed by the software. Within a few hours Kaseya shut down its VSA cloud servers and issued a statement to its clients; however, the damage had already been done. The effects of this attack were felt internationally; up to 1,500 companies across the world were affected. REvil took credit for the attack and demanded $70 million for a decryption key that would unlock all infected systems. Kaseya refused to pay the ransom, and in a statement made on July 22, 2021, the company declared that it had obtained a decryptor key from an anonymous third party, which was later revealed to have been the FBI.

Effects of the attack

The effects were felt by thousands of companies internationally. Virginia Tech University was affected, and many schools and kindergartens in New Zealand were also affected. In Sweden, the superstore chain Coop was unable to use its cash registers, and had to shut down its over 800 locations for a few days.

The US Government’s response

In August 2021, the US Department of Justice released an indictment for Vasinskyi, connecting him as well as Russian hacker Yevgeniy Polyanin with the Kaseya attack. In the fall of 2021 Vasinskyi was arrested in Poland and held there until his extradition to the US. While Vasinskyi is not a US citizen, the US government has made it clear that it will prosecute cybercriminals regardless of nationality. Attorney General Merrick Garland declared in a public statement: “The Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people”.

Hopefully this trial will help dissuade international hackers from engaging in ransomware, as it is sad when a small group of malicious actors is able to cause such a disruption to thousands of innocent people across the world. Companies and individuals certainly do have a responsibility to ensure that they always use best security practices; however, governments also have a responsibility to bring justice to hackers who do break into systems and cause harm to companies and individuals across the world.



45 Comments

  1. Interesting post! It is always good to hear about hackers being brought to justice. It is very scary when I read blogs about the harmful impacts hackers leave behind after they are successful in their attack. They truly affect multiple innocent lives and disrupt the flow of life. An example can be seen in your blog, where universities and schools in New Zealand were affected. I think Kaseya reacted very late and when they did everything was already hacked. Moreover, I find it very unprofessional from Kaseya that they immediately declined to pay the ransom, if it was not for the FBI the company would be in deep trouble. Anyways it is great to see that Yaroslav Vasinskyi has finally been caught and about to be brought to justice hopefully.

  2. Very interesting post, good to know some hackers get captured because the damage they cause is always big, effects affecting a large number of people. So, in my view, it depends on paying the ransomware, if the information obtained is as private as it is, then the ransomware should be paid, but if the information is not at a high private level, then even I do not think it is important to pay the ransom.

  3. Great post! Personally I found the sentencing ramifications really interesting. While it’s probably due to the fact that the US loves high sentences, I wonder what the reasoning is for a potential sentence longer than most murderers. On one hand, someone could argue that this crime was only financial in nature, and did not have any true victims, save for the bottom line of companies. However, depending on the victims (which it was quite difficult to find an official list of), there could have been real human impacts. For example, some of the listed victims, such as grocery stores, a public broadcaster, and a railway, all can be considered to be critical infrastructure. In fact, it’s interesting that he was only charged with the financial and hacking crimes while there could have been potential injuries, national security ramifications, or even deaths linked with the attack (say, if someone was not able to receive essential medication because the pharmacy was shut down). I’ll be interested to continue to follow this case as it progresses.

    1. I can’t say for certain, but I’d imagine the high sentence is for 2 probable reasons beyond what you already mentioned. The first being the sheer number of people impacted, (800 stores being shut for multiple days alone is a lot, let alone everyone else), as well as of course the financial impact and cascading effects like people being unable to get essential medication, as you mentioned. Secondly, a 115 year sentence sends a pretty strong message to anyone thinking about engaging in ransomware or joining hacking groups, especially after an extradition, showing even international hackers that they are not out of reach of the arm of the law.

  4. Great post! I agree it’s very tragic to see small businesses and innocent people get caught up in hacker attacks. When I initially saw the photo that you used for the hacker, I was shocked to see how young he looked, makes me wonder if young hackers who are clearly talented like him get a chance to be a part of cyber security and stuff like that. Also very interesting to see that they were actually able to catch him even if he was in a whole other country!

  5. This is a great article. In developing nations, engaging in this kind of activity is usually low risk, high reward due to legalities not being streamlined or agreed upon from country to country, in order to prosecute this kind of behaviour. It’s usually extremely difficult to prosecute these kinds of cases if the culprit resides in a country that’s not politically aligned to the west and is non-NATO and non-EU. Poland meets both criteria, thus making it possible to hold him accountable for his actions.

  6. Great post! It’s crazy to see how this small hacking group was able to cause so many issues to tons of people and companies and at the same time, it’s sad. I was also very shocked to see how high the sentence in prison was as it is more than double a life sentence. Hopefully, this brings awareness to others about the consequences of launching cyberattacks on innocent people.

  7. This is a shockingly high sentence for a non-violent crime, but I don’t think it’s unwarranted. Cybercrimes, just like cyberbullying or other cyber-“things”, are especially dangerous because of the disconnect between perpetrator and victim. While I cannot say whether this individual would rob somebody face to face, I do wonder if he would have committed these crimes if he had to face the damage he did directly. As you brought up in your post, many were affected by this who this man will never meet, and his actions had an impact far beyond what a regular criminal can achieve. While it’s always tempting to err on the side of leniency, especially for non-violence, I wonder at the message that would send for people to commit crimes with less personal guilt and greater negative impact. The risk of cybercrime becoming a “game,” and the ability of people to disconnect themselves from those at the other screen, makes these crimes as scary as they are impactful, so I can’t help but think strict sentencing is the right move here. As you said, one can only hope that it would dissuade others from following in his footsteps.

  8. This is an excellent article! I believe that seeing small businesses and innocent people fall victim to hacking attacks is awful. When I first saw the hacker’s photo, I was taken aback by how young he appeared. It makes me question if young hackers with obvious talent, like him, get an opportunity to work in cyber security and similar fields. It’s also fascinating to see that they were able to apprehend him even though he was in another country! I was also taken aback by the length of the prison sentence, which was more than double that of a life sentence. Hopefully, this raises awareness among others about the dangers of initiating cyberattacks against unwitting targets.

  9. Interesting post. It is awful to see how small businesses and innocent people were victims of this attack. It was clearly a financial attack as ransom was demanded, but it is shocking to see how high the sentence in prison was. Looking at the picture, the hacker seems pretty young. I wish he would have rather used his intelligence to make a positive impact. But it is good to see that the hackers have been brought to justice.

  10. Thanks for sharing such an interesting post! It is horrible to see all the innocent people play victim to this attack. A small hacking group can cause so much damage to small businesses, with such a hefty ransom being demanded. I am not surprised how long the sentence in prison was because individuals have to start realizing that this is a serious crime. Seeing that he is only 22 years old, I wish he would’ve used his brilliant mind to make a positive impact on our society.

  11. This is an interesting post! While it is commendable to see the hacker brought to justice, the sentence is excessively high for such a non-violent crime. Admittedly the number of people whose lives have been affected by his crime is enormous, but it still does not justify a sentence more severe than murder. The US must have taken this case as an example to cybercrime. In the past, nonviolent crimes have always erred on leniency, thereby encouraging people to commit those types of crimes. Those criminals would be discouraged and reminded to think twice before committing the crime with the new approach and harsher sentence. While I feel sorry because he is so young, the damage was devastating and he has to face the consequences.

  12. Interesting post! As you said, this trial will discourage hackers from engaging in ransomware and bring awareness to hackers. These attacks also show how important cybersecurity is in this modern world of businesses as I read that the 1500 companies that were attacked are now out of business. I hope other countries also take cybersecurity matters seriously and try to bring justice to the people affected and take serious measures against hackers.

  13. An interesting blog and what is pretty surprising for a few reasons: First, the fact that the Ukrainian individual appears to be young seems to indicate that these criminal cyber activities could be easy to learn and enticing for young people in more impoverished countries. Second, the FBI was the third-party that provided a new “key” to help the American software firm, which I find surprising. This points to the US federal agencies becoming more capable in cyber activities. However, this does mean that America’s cyber security community may be fragmented, with the NSA, FBI, and other cyber-oriented agencies all taking up cyber activities. Communication between these agencies will be important for future cyber operations. And finally, the fact that the US has said they “will prosecute cybercriminals regardless of nationality” appears to be paying off, though since this is Ukraine (and remembering the $800 million aid package the US is sending to Ukraine), how this will continue to work elsewhere will be a problem. This does point to the fact that the US is now taking cyber security issues far more seriously and such malicious cybercrimes will be treated similar to how terrorists were treated (minus the bombings, of course).
    In all, this post does show how far cyber issues have come and to what extent cybercriminals will be tracked down. However, I do not see that this will dissuade future attacks. It is still very difficult to ascertain ‘who’ orchestrated the attack (unless they are a knucklehead and brag about it).

  14. Great post! It is good to see justice being brought to a hacker as it seems that they are often anonymous and hard to capture. I am interested in how the FBI was able to obtain a decryption key but I guess that is exactly what the FBI is for. With how long the sentence is hopefully it will deter other individuals from engaging in ransomware attacks. The hacker being only a year older than me is sad to think about as he will probably not live outside of a jail cell for the rest of his life. He could have used his skills as a bug bounty hunter and it is unfortunate to see them being used for malicious purposes.

  15. Hey, great post! After reading your post, one thing was clear to me and that is companies need to stop centralizing all of their data to one source. As your post mentioned, a single attack had an international impact where it affected organizations thousands of miles away. Additionally, I was surprised at how young this individual is. The fact that his life has to come to this is quite sad. It is almost a wasted potential considering the feat he was able to achieve. I think he would have made a great programmer and security consultant. Finally, I was surprised that he got arrested in Poland considering he would have a better opportunity in Russia since they don’t really extradite one of their own such as Julian Assange who remained in Russia without ever being extradited. Overall, your post was really good and I learned a lot from it.

  16. Very interesting post! I agree with you that governments also have a responsibility to bring justice to hackers who caused harm to companies and individuals. We need to show hackers with malicious intention that causing harm to innocent companies and individuals will be brought to justice. Before I read this post, it seemed to me that many hacker groups seem to get away easily without being caught. I know it is extremely hard to identify cybercriminals and it requires an extensive amount of resources. It is good to hear that the Justice Department will spare no resources in identifying and bringing to justice transnational cybercriminals. I believe that it is important to collaborate between countries to catch such transnational cybercriminals.

  17. This is a fantastic article! The implications of the sentence sparked my interest. I’m curious as to why the penalty is so severe compared to most murderers. I believe it has something to do with the tech companies, as they have suffered significant financial losses as a result of these attacks. The hacker appears to be rather young in the photo. I wish he had used his intelligence to make a better world for all of us. Nevertheless, it is encouraging to learn that the hackers have been arrested.

    1. Ransomware such as these are bound to affect a lot of people and make their lives miserable. Murderers should have severe penalties for sure, but if someone does a crime where thousands of people can be affected all at once, that person should get an equally severe or worse penalty.

  18. Great Post! Vasinskyi was charged in the indictment with breaking into the victim companies and installing encryption software developed by the core REvil ransomware hacking group. REvil directly handled the ransom negotiations and split the profits with Vasinskyi and other affiliates. This model allowed the notorious ransomware gang to extort numerous companies for cryptocurrency.

  19. Very interesting read.
    What I thought of when reading this article was how Vasinskyi was extradited to the US. Surely Ukrainian citizens don’t fall within US jurisdiction. What if Ukraine refused to extradite him?
    What if this was another country who is not so friendly towards the United States, say for example a Chinese hacker did this exact same thing. Who could force China to extradite one of its own citizens to the US for crimes that don’t fall under Chinese Law?

  20. Awesome post!
    It is quite disappointing to see that innocent, small companies suffer the consequences of these hackers during the war. I was surprised to read that if he is found guilty, that he could face up to 115 years in prison. This just goes to show that the DOJ along with the government officials take these cyber attacks extremely seriously. I agree with you that hopefully Vasinskyi’s trial will be a warning to other international hackers to not engage in cyber activities, as the consequences are severe.

  21. Good Post! This post has a decently large number of comments already so apologies if some of my observations here have already been said. It is rather interesting to see that the FBI themselves helped this company obtain a decryption key. It certainly is a case of a government agency taking an active stance to help out a private company. In this case, I support the FBI’s decision to help out as the requested ransom of 70 million dollars is extremely high, and the affected systems were schools, and grocery stores (which are rather essential services). Considering this event, I am curious to see how government agencies handle cybersecurity in the future, it seems that as of recently (regarding the recent surge of cyberattacks originating from Russia), governments are taking a more active and up-to-date role in handling cybersecurity.

  22. It’s interesting that it was the FBI that provided the decryption key to Kaseya, and within a few hours no less. I wonder if this is a commonplace practice, and if there is more decryption tech or secrets held by the FBI that we don’t know anything about.
    Really interesting post, though. It’s kind of too bad that so much of cybersecurity relies on extradition to gain enforcement, especially since extradition is both legally (and arguably morally) a bit of a difficult process to pull off. Glad that they caught this hacker though.

  23. It’s scary to see how much impact a hacker can have all over the world. The idea of schools, kindergartens, universities and a whole superstore chain not being able to operate because of this attack shutting down their cash registers sounds crazy. I also think it’s interesting that the anonymous 3rd party that gave the decryption key was the FBI, I wonder if that happens often.

  24. Great post! It really blows my mind to think about the power these small groups can often have in disrupting so many lives. I recently did some research on hack for my uneasy and another unfortunate thing I noticed was that often times when these hackers are caught they can strike deals to “switch sides”. Hackers can agree to reducing their sentence with deals that allow them to actually help counter attacks similar to what they put out. Now since this was a ransom attack I don’t believe he’ll be able to strike that type of deal and technically if he does he would be “helping” but I do hope he serves his time. This type of attack also shows the many vulnerabilities in our everyday systems which I hope after this governments will address.

  25. Awesome post! It is unfortunate that this boy is so young and can spend his whole life behind bars because of such fraudulent work. I never thought people can get extradited to other countries and be locked in prison for any crimes. I am not surprised to see these ransomware attacks though, it is really common in this technological age. Since this guy knows how to target the vulnerabilities of a system, I believe instead of putting him in prison his whole life, he should be put to work somehow (to improve the security of systems, for example). This person definitely has a lot of knowledge but has not put it to right use, the US government should extract that skill from him somehow and put him to good use as a way of repentance as well.
