{
	"id": "2ee6570a-1aa2-41f0-a749-f68d249b3789",
	"created_at": "2026-04-06T00:06:51.152591Z",
	"updated_at": "2026-04-10T03:21:18.489549Z",
	"deleted_at": null,
	"sha1_hash": "2aa8f680e960bcb7aa40092945e57f87cb3b7468",
	"title": "Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45538,
	"plain_text": "Sodinokibi/REvil Ransomware Defendant Extradited to United\r\nStates and Arraigned in Texas\r\nPublished: 2022-03-09 · Archived: 2026-04-05 16:39:14 UTC\r\nA man charged with conducting ransomware attacks against multiple victims, including the July 2021 attack\r\nagainst Kaseya, made his initial appearance and was arraigned today in the Northern District of Texas.\r\nAccording to an August 2021 indictment, Yaroslav Vasinskyi, 22, accessed the internal computer networks of\r\nseveral victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of\r\nvictim companies.\r\n“When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear\r\nthat the Justice Department will spare no resource in identifying and bringing to justice transnational\r\ncybercriminals who target the American people,” said Attorney General Merrick B. Garland. “That is exactly what\r\nwe have done. The United States, alongside our international partners, will continue to swiftly identify, locate, and\r\napprehend alleged cybercriminals, capture their illicit profits, and bring them to justice.”\r\n“Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has\r\narrived in a Dallas courtroom to face justice,” said Deputy Attorney General Lisa O. Monaco. “When we are\r\nattacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.” \r\nAccording to the indictment, Vasinskyi was allegedly responsible for the July 2, 2021, ransomware attack against\r\nKaseya. In the alleged attack against Kaseya, Vasinskyi caused the deployment of malicious Sodinokibi/REvil\r\ncode throughout a Kaseya product that caused the Kaseya production functionality to deploy REvil ransomware to\r\n“endpoints” on Kaseya customer networks. After the remote access to Kaseya endpoints was established, the\r\nransomware was executed on those computers, which resulted in the encryption of data on computers of\r\norganizations around the world that used Kaseya software.\r\nThrough the deployment of Sodinokibi/REvil ransomware, the defendant allegedly left electronic notes in the\r\nform of a text file on the victims’ computers. The notes included a web address leading to an open-source privacy\r\nnetwork known as Tor, as well as the link to a publicly accessible website address the victims could visit to\r\nrecover their files. Upon visiting either website, victims were given a ransom demand and provided a virtual\r\ncurrency address to use to pay the ransom. If a victim paid the ransom, the defendant provided the decryption key\r\nand the victim then was able to access their files. If a victim did not pay the ransom, the defendant typically posted\r\nthe victim’s stolen data or claimed they sold the stolen data to third parties, and victims remained unable to access\r\ntheir files.\r\nVasinskyi is charged with conspiracy to commit fraud and related activity in connection with computers, damage\r\nto protected computers, and conspiracy to commit money laundering. If convicted of all counts, he faces a total\r\npenalty of 115 years in prison. A federal district court judge will determine any sentence after considering the U.S.\r\nSentencing Guidelines and other statutory factors.\r\nhttps://www.justice.gov/opa/pr/sodinokibirevil-ransomware-defendant-extradited-united-states-and-arraigned-texas\r\nPage 1 of 2\n\nVasinskyi, a Ukrainian national with ties to a ransomware group linked to Russia-based actors, was taken into\r\ncustody in Poland where he remained held by authorities pending proceedings in connection with his requested\r\nextradition to the United States, pursuant to the extradition treaty between the United States and the Republic of\r\nPoland. Vasinskyi was transported to Dallas by U.S. law enforcement authorities where he arrived on March 3. He\r\nmade his initial court appearance and was arraigned today in the Northern District of Texas.\r\nThe FBI’s Dallas and Jackson Field Offices are leading the investigation. Substantial assistance was provided by\r\nthe Justice Department’s Office of International Affairs and the National Security Division’s Counterintelligence\r\nand Export Control Section.\r\nAssistant U.S. Attorney Tiffany H. Eggers for the Northern District of Texas and Senior Counsel Byron M. Jones\r\nof the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.\r\nThe U.S. Attorney’s Office for the Northern District of Texas, the FBI’s Dallas and Jackson Field Offices and the\r\nCriminal Division’s Computer Crime and Intellectual Property Section conducted the operation in close\r\ncooperation with Europol and Eurojust, which were an integral part of coordination. Investigators and prosecutors\r\nfrom several jurisdictions, including Romania's National Police and the Directorate for Investigating Organised\r\nCrime and Terrorism; Canada’s Royal Canadian Mounted Police; France’s Court of Paris and BL2C (anti-cybercrime unit police); the Dutch National Police; Poland’s National Prosecutor’s Office, Border Guard, Internal\r\nSecurity Agency, and Ministry of Justice; and the governments of Norway and Australia provided valuable\r\nassistance.\r\nThe U.S. Department of the Treasury Financial Crimes Enforcement Network (FinCEN), the Department of\r\nHomeland Security’s Cybersecurity and Infrastructure Security Agency (CISA); Germany’s Public Prosecutor’s\r\nOffice Stuttgart and State Office of Criminal Investigation of Baden-Wuerttemberg; Switzerland’s Public\r\nProsecutor’s Office II of the Canton of Zürich and Cantonal Police Zürich; the National Police of Ukraine and the\r\nProsecutor General’s Office of Ukraine; the United Kingdom’s National Crime Agency; the U.S. Secret Service;\r\nthe Texas Department of Information Resources; BitDefender; McAfee; and Microsoft also provided significant\r\nassistance.\r\nFor more resources on ransomware prevention and response, visit www.StopRansomware.gov.\r\nAn indictment is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a\r\nreasonable doubt in a court of law.\r\nSource: https://www.justice.gov/opa/pr/sodinokibirevil-ransomware-defendant-extradited-united-states-and-arraigned-texas\r\nhttps://www.justice.gov/opa/pr/sodinokibirevil-ransomware-defendant-extradited-united-states-and-arraigned-texas\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.justice.gov/opa/pr/sodinokibirevil-ransomware-defendant-extradited-united-states-and-arraigned-texas"
	],
	"report_names": [
		"sodinokibirevil-ransomware-defendant-extradited-united-states-and-arraigned-texas"
	],
	"threat_actors": [],
	"ts_created_at": 1775434011,
	"ts_updated_at": 1775791278,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2aa8f680e960bcb7aa40092945e57f87cb3b7468.pdf",
		"text": "https://archive.orkl.eu/2aa8f680e960bcb7aa40092945e57f87cb3b7468.txt",
		"img": "https://archive.orkl.eu/2aa8f680e960bcb7aa40092945e57f87cb3b7468.jpg"
	}
}