Digital Forensics: Exclusive: The Minnesota-based spyware maker Spytech snooped on thousands of devices before it was hacked earlier this year. © 2024 TechCrunch. All rights reserved. For personal use only…Read More
Reading Time: 2 minutes
A 24-year-old Ukrainian national has been handed a 13-year sentence for deploying the devastating REvil ransomware and using it in over 2,500 attacks. Yaroslav Vasinskyi, known online as Rabotnik, utilized the Sodinokibi/REvil ransomware variant to encrypt data on thousands of victim computers, aiming to extort hefty ransom payments. Vasinskyi and his associates demanded over $700 million in cryptocurrency ransom payments, employing cryptocurrency exchangers and mixing services to conceal their profits.
Vasinskyi and his fellow hackers planted the REvil malware on thousands of computers in a spree lasting more than five years, encrypting data and rendering them inaccessible until a ransom is paid. The gang would demand astronomical sums exceeding $700 million in cryptocurrency from their victims, employing sophisticated tactics to conceal their ill-gotten gains. To add pressure on their targets, they resorted to publicly disclosing sensitive data when ransom payments were not forthcoming.
Vasinskyi was arrested in November 2021 in relation to the ransomware attack on Miami-based IT company Kaseya on July 2, 2021, which triggered the dissemination of REvil ransomware to “endpoints” across Kaseya customer networks. This resulted in the encryption of data on computers belonging to organizations worldwide that utilized Kaseya software.
The defendants purportedly embedded electronic notes in the form of text files on the victims’ computers following the deployment of Sodinokibi/REvil ransomware. These notes contained a web address directing victims to an open-source privacy network known as Tor, along with a link to a publicly accessible website where they could initiate file recovery.
Upon accessing either website, victims were presented with a ransom demand and provided with a virtual currency address for payment. Compliance with the ransom demand typically resulted in the defendants providing the decryption key, allowing victims to regain access to their files. However, failure to pay often led to the defendants either publicly disclosing the stolen data or claiming to have sold it to third parties, leaving victims unable to retrieve their files.
Some other notable attacks using this malware were on Travelex in 2020 and meat giant JBS in 2021, with the latter coming after Colonial Pipeline paid $4.5 million to regain access to its computers (85% of this was recovered). This led to US President Joe Biden calling for a clampdown on such activities.
Vasinskyi was sentenced to 13 years and seven months in prison and ordered to pay over $16 million in restitution.
The Hôpital de Cannes – Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. On April ...
Digital Forensics: Exclusive: The Minnesota-based spyware maker Spytech snooped on thousands of devices before it was hacked earlier this year. © 2024 TechCrunch. All rights reserved. For personal use only…Read More
Post comments (0)