Security News > 2022 > March > REvil ransomware member extradited to U.S. to stand trial for Kaseya attack

The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack.

Vasinkyi is believed to be a REvil ransomware affiliate tasked to breach corporate networks worldwide, steal unencrypted data, and then encrypt all of the devices on the network.

"In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil code throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to"endpoints" on Kaseya customer networks," explained the U.S. DoJ announcement.

"After the remote access to Kaseya endpoints was established, the ransomware was executed on those computers, which resulted in the encryption of data on computers of organizations around the world that used Kaseya software."

The Kaseya attack used previously unknown zero-day vulnerabilities and intimate knowledge on how the systems work, possibly indicating that this same affiliate was behind this attack as well.

While the REvil ransomware operation is shut down, it would not be surprising to see its core members or affiliate rebrand as a new operation in the future.

News URL

https://www.bleepingcomputer.com/news/security/revil-ransomware-member-extradited-to-us-to-stand-trial-for-kaseya-attack/