A Ukrainian man has been sentenced to 13 years in prison in the United States for a series of ransomware attacks distributed through service provider Kaseya. 2,500 REvil infections were carried out through that supply chain company.
An American judge has sentenced the man from Ukraine, Yaroslav Vasinskyi, to a prison term of thirteen years and seven months. The perpetrator must also repay sixteen million dollars to victims. Vasinskyi, 24, was previously extradited from Poland where he was arrested. He has already pleaded guilty to distributing ransomware and committing fraud.
The Ukrainian was at the center of a controversial ransomware case in 2021. Then Kaseya fell victim to a cyber attack. Tweakers wrote a background article about this at the time. Kaseya is a managed service provider that makes software that allows small businesses to manage their IT. In 2021, hackers struck the company. This did not happen to extort Kaseya itself with ransomware, but to spread ransomware via remote access tool Kaseya Virtual Systems Administrator.
The case was topical in 2021, because another supply chain company was also hacked shortly before. The hack on SolarWinds attracted attention because it was one of the first times that an intermediate provider was hacked on a large scale, which experts said seemed to be a sea change in how ransomware would be spread.
Kaseya VSA was abused to infect at least 2,500 companies with the REvil ransomware. An unknown number of those companies were American, which led the FBI to take up the case. It is not known how many companies the perpetrator actually extorted, but he must pay back at least $16 million to companies, while he had demanded a total of $700 million in ransom. The US Department of Justice says it has also seized $6.1 million from other suspects who participated in the hack, along with 39.9 bitcoins.