Accused Kaseya Ransomware Attacker Sentenced To 13-Plus Years
Yaroslav Vasinskyi, 24, must also pay more than $16 million in restitution.
Yaroslav Vasinskyi, a Ukrainian national accused in the July 2, 2021, ransomware attack against MSP tools vendor Kaseya, has been sentenced in the United States to 13 years and seven months in prison for his role in more than 2,500 ransomware attacks.
Vasinskyi – a 24-year-old whose aliases include Rabotnik, Profcomserv and Yarik45, and who pleaded guilty in 2022 – must also pay more than $16 million in restitution for conducting those attacks, during which he demanded more than $700 million in ransom payments, according to a statement Wednesday from the U.S. Department of Justice.
“Yaroslav Vasinskyi and his co-conspirators hacked into thousands of computers around the world and encrypted them with ransomware,” Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division, said in the statement. If targeted organizations refused to pay, the attackers “threatened to publicly disclose victims’ data.”
She continued: “Although the conspirators attempted to cover their tracks by laundering the payments from victims, Vasinskyi could not hide from law enforcement. Vasinskyi’s sentence today should serve as a reminder to ransomware actors everywhere: we will track you down and bring you to justice.”
[RELATED: UnitedHealth Pays $22M To Ransomware Group Behind Change Healthcare Cyberattack: Reports]
Kaseya Ransomware Attack
CRN has reached out to Kaseya and the U.S. Department of Justice for comment.
As part of his attacks, Vasinskyi used the REvil ransomware variant, also called Sodinokibi, according to the DOJ. He and his co-conspirators demanded ransom payments in cryptocurrency and used exchangers and mixing services to hide the money.
He pleaded guilty in 2022 to 11 counts including conspiracy to commit fraud and related activity in connection with computers, damage to protected computers and conspiracy to commit money laundering, according to the DOJ.
Capturing Vasinskyi was an international effort. He was arrested in Poland in 2021 and extradited to the U.S.
Another man involved in REvil ransomware attacks, Yevgeniy Polyanin, a now-31-year-old Russian national, remains at large, according to the FBI.
In 2023, the DOJ secured millions of dollars’ worth of ransom payments obtained through two related civil forfeiture cases, which included 39.89138522 Bitcoin and $6.1 million in funds traceable to alleged ransom payments received by other members of the conspiracy, according to the DOJ.
Last year, Robert Cioffi shared the story of how his company, Progressive Computing, was among the MSPs hit by Vasinskyi and his group in the Kaseya attack. Progressive is called “Company C” in Vasinskyi’s indictment. Cioffi has gone on to offer coaching for MSPs on how to handle an attack.
“It’s the only way that I think we can really fight cybercriminals,” he said at the time. “If we link arms together, there’s a way for us to defeat [our] enemies.”