The US arrests alleged REvil member suspected of Kaseya hack

The US Department of Justice (DoJ) recently arrested a 22-year-old hacker with alleged ties to the REvil hacker organization. The man is suspected of being behind the infamous Kaseya attack. The action is part of a larger DoJ campaign aimed at locating and prosecuting REvil hackers.

According to security news site Cyberscoop, 22-year-old hacker Yaroslav Vasinskyi was detained by Polish authorities while crossing the border between Poland and Ukraine. Apparently, he had been on the radar of US authorities for some time. The DoJ wants the indictment to enable his extradition. Both countries have extradition treaties.

The hacker is suspected of having worked for the hacker collective REvil and actively carrying out ransomware attacks on companies worldwide. He is said to have been involved in the attack on the American company Kaseya earlier this year.

Kaseya attack

REvil’s ransomware attack affected Kaseya’s VSA product, which service providers use to manage and monitor their own and their customers’ infrastructures. As a result, not only Kaseya but thousands of organizations were affected by the ransomware. Before the hack took place, various white hat hackers notified Kaseya that its software contained holes.

Other actions against REvil

In addition to Yaroslav Vasinskyi, a man named Yevgeniy Polyanin was charged by the DoJ for being an employee of REvil. The alleged hacker is residing in Russia and reportedly collaborated in multiple REvil attacks, including the 2019 attack on the Texas-based company TSM Consulting. Similarly to the Kaseya incident, this attack caused infections down the chain.

Pan-European police organization Europol recently announced the arrest of seven hackers linked to GandCrab and REvil. Other arrests have taken place in Romania, Kuwait and South Korea. The crypto portal Chatex was targeted as well, being accused of laundering crypto (ransom) money from hackers.