REvil Finally Captured by Justice in the United States as Russian Trial Continues

December 2019. On a cybercriminal forum, a certain “Rabotnik” writes to “Unknown”, known to be the spokesperson for the fearsome ransomware gang REvil. “I want to come back to work,” writes the former. In retrospect, it was a terrible idea. Arrested in November 2021 at the border between Poland and Ukraine at the request of the United States, Yaroslav Vasinskyi, alias Rabotnik, has just been sentenced to nearly 14 years in prison by a Texas court, American justice authorities announced this Wednesday, May 1.

This 24-year-old Ukrainian will also have to pay more than 16 million dollars (around 15 million euros) in damages. According to the prosecution, Yaroslav Vasinskyi was indeed no small fry. On the contrary, he is said to have been involved in 2,500 computer attacks carried out with the Sodinokibi ransomware, a malicious program that encrypts its victims' data and was first detected in April 2019. The malware was, for example, found in the attack in France on the social housing landlord Paris Habitat.

Thriving cybercrime SME

The computer hacker then joined REvil, the gang behind Sodinokibi. Very active, the affiliate reportedly demanded more than $700 million in ransoms. That was only one part of the thriving cybercrime SME, at the time the most threatening gang of cybercriminals. For a meager result, however: according to American justice authorities, he only managed to extort $2.3 million, paid in Bitcoin or Monero, the latter a cryptocurrency deemed more anonymous.

Finally, the young Ukrainian had taken part in the giant cyberattack against the IT company Kaseya. After hijacking the IT monitoring software of this Miami-based company, the hackers managed to indirectly affect thousands of organizations. Believing they had hit the jackpot, the hackers then demanded a mega ransom of $70 million.

Yaroslav Vasinskyi's conviction is not a surprise. The young Ukrainian pleaded guilty in the summer of 2022. American justice authorities then managed to get their hands on nearly 40 Bitcoin and $6.1 million: the proceeds of ransoms paid after attacks carried out by Rabotnik and other members of the gang.

Russian stalemate

The hacker's heavy sentence was immediately welcomed by the American legal community. “By working with our international partners, we are bringing to justice those who target American victims and we are disrupting the broader ecosystem of cybercrime,” said Deputy Attorney General Lisa Monaco.

A statement that must be read between the lines. The completion of Yaroslav Vasinskyi's legal case contrasts with the stagnation of the Russian proceedings. Moscow, accused of turning a blind eye to the activities of cybercriminals as long as they do not attack local organizations, had nevertheless announced the dismantling of REvil in January 2022 after a raid that ended in fourteen arrests.

But since then, the case has remained pending. As the daily Kommersant reported, the case was first referred from the ordinary criminal courts to a military court, one of the accused being a reserve soldier. Defense lawyers have since reported several requests for a mistrial, arguing that the entire criminal proceedings were illegal.

All of which casts doubt on the Russian justice system's real desire to see the case through. Yet it is known to be expeditious when it comes to opponents of the government. Whatever the future judgment, experts already noted at the time of the dragnet that the main leaders of REvil seemed to have escaped arrest. Their brand burned, the gang members still at large have likely branched out into other ransomware franchises, leaving their arrested affiliates, like Rabotnik, in the lurch.
