Yaroslav Vasinskyi [1] [2] [3] [5] [6] [7] [8] [9], also known as Rabotnik [2] [3] [5] [9], a 24-year-old Ukrainian national associated with the REvil ransomware group, has been sentenced to 13 years and seven months in prison in the US [2] [3] [6] [7].


He pleaded guilty to 11 counts [4], including conspiracy to commit fraud [2] [4] [6] [9], damage to protected computers [2] [4] [6] [9], and money laundering [2] [4] [6] [9]. Vasinskyi was involved in over 2,500 ransomware attacks that generated approximately $700 million in profits [1]. He utilized the REvil ransomware variant to encrypt victim data and extort payments in cryptocurrency [7]. Vasinskyi attempted to launder the funds through crypto swapping and mixing services but was unsuccessful [1]. He was captured in Poland before being extradited to the US [4].

Alongside fellow REvil operative Yevgeniy Polyanin [9], authorities seized at least $6 million in funds linked to ransom payments [9]. The Department of Justice secured millions of dollars’ worth of ransom payments through civil forfeiture cases in 2023 [4], including Bitcoin and funds traceable to alleged ransom payments [4]. In addition to his prison sentence [1], Vasinskyi was ordered to pay over $16 million in restitution [3] [6] [9]. The Treasury Department imposed sanctions on Vasinskyi [9], Polyanin [4] [9], and a cryptocurrency exchange allegedly involved in moving money for ransomware operatives [9]. FBI Director Christopher Wray emphasized the US’s commitment to pursuing cybercriminals like Vasinskyi and disrupting their illicit activities [7].

The REvil ransomware-as-a-service (RaaS) group, based in Russia, was responsible for notable attacks on critical infrastructure entities in the US [7], such as the Colonial Pipeline incident in May 2021. While Russian authorities dismantled REvil’s infrastructure in January 2022 [7], effectively halting its operations [7], there may still be active affiliates within the ransomware ecosystem. This sentencing demonstrates the Justice Department’s commitment to holding cybercriminals accountable for targeting US victims [5]. Vasinskyi had previously been sanctioned by the US Treasury Department for his role in the ransomware operation [5].

Vasinskyi was linked to the Kaseya supply-chain ransomware attacks that impacted over 1,500 companies worldwide [8]. He was extradited to the United States in March 2022 and pleaded guilty to at least nine confirmed ransomware attacks against US-based organizations [8]. The 24-year-old affiliate was sentenced to roughly a tenth of the maximum sentence by the Northern District of Texas court [8]. REvil was a successful ransomware operation [8], with notable attacks including the Kaseya MSP supply-chain attack [8], a $50 million ransom demand from Acer [8], and leaks of unreleased Apple device blueprints [8].


The sentencing of Yaroslav Vasinskyi highlights the significant impact of cybercriminal activities and the efforts of law enforcement agencies to hold perpetrators accountable. It underscores the ongoing threat posed by ransomware groups like REvil and the importance of international cooperation in combating cybercrime. Moving forward, continued vigilance and collaboration will be essential in mitigating the risks posed by such malicious actors.


