A Ukrainian man has been sentenced to almost 14 years in prison and ordered to pay more than $16 million in restitution for his role in infecting thousands of victims with REvil ransomware.

Yaroslav Vasinksyi, aka Rabotnik, was a member of the notorious cyber crime crew and played a part in more than 2,500 ransomware attacks - costing organizations and individuals more than $700 million in extortion payments - according to the US Justice Department. For those crimes, the 24-year-old was sentenced to 13 years and seven months behind bars.

"Deploying the REvil ransomware variant, the defendant reached out across the globe to demand hundreds of millions of dollars from US victims," deputy attorney general Lisa Monaco declared in a statement.

"But this case shows the Justice Department's reach is also global - working with our international partners, we are bringing to justice those who target US victims, and we are disrupting the broader cyber crime ecosystem," she added.

In 2022, a year after being arrested on Poland's border with Ukraine, Vasinksyi was extradited to the US. He later pleaded guilty in a Texas court to an 11-count indictment [PDF] that outlined charges including conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering.

In 2023, the Justice Department clawed back the final forfeiture of millions of dollars worth of ransom payments. These included 39.89138522 Bitcoin and $6.1 million that the feds traced to alleged ransom payments linked to Vasinksyi and another alleged REvil ransomware gangster, Russian national Yevgeniy Polyanin.

The Russian-speaking crew also used double-extortion tactics to pressure victims to pay - first stealing sensitive data before encrypting files, and then threatening to leak the stolen info if organizations didn't pay the ransom demand.

This group, which emerged in 2019, is also felt to have been behind the high-profile 2021 attacks on IT management software maker Kaseya and global meat processor JBS Foods.

Later that year, a multi-country law enforcement operation seized control of REvil's infrastructure and seemingly forced the group to go out of business, despite some efforts to rise from the dead. ®

https://www.theregister.com//2024/05/02/revil_ransomware_prison/