Ransomware, IT management

Kaseya Ransomware Attacker Sentenced

Three AI risks

The hacker convicted in the July 2021 ransomware attack against Kaseya has been sentenced to 13 years and seven months in a U.S. federal prison. Kaseya had no comment on the sentencing.

The Kaseya VSA supply chain cyberattack hit roughly 50 MSPs on July 2, 2021. The the REvil ransomware attack spread from the MSPs to between 800 and 1,500 businesses worldwide, Kaseya CEO Fred Voccola told Reuters on July 5, 2021. A timeline of the attack and aftermath is available here.

In addition to the prison time, Ukrainian national Yaroslav Vasinskyi, aka “Rabotnik,” 24, was also ordered to pay more than $16 million in restitution for his role in conducting over 2,500 ransomware attacks and demanding over $700 million in ransom payments, according to a statement from the U.S. Department of Justice Office of Public Affairs.

The Justice Department said that the co-conspirators demanded ransom payments in cryptocurrency. They then used cryptocurrency exchangers and mixing services to hide their ransom payments. The Sodinokibi/REvil ransomware group drove their demands higher by publicly exposing their victims’ data when payment was not met.

Ex-Kaseya Partner Robert Cioffi Attends Sentencing

Kaseya partner Progressive Computing, a New York-based MSP was among the victims. Co-founder and chief technology officer Robert Cioffi, who recounted his experience as a victim of the attack during a keynote address at the 2023 MSSP Alert Live event, attended the sentencing hearing this week.

Cioffi provided the court a with victim impact statement and has attended some of the proceedings. He posted a statement about the sentencing on LinkedIn.

“Don't think so linearly,” he said. “This story has many branches and intersections. Think of this as simply one limb that has been cauterized. There are other chapters that may never end or heal. I want to remind you all that our collective work remains unfinished but now you can proceed with greater hope and perhaps a little victory in your heart.”

The Kaseya attack was the among the first that targeted MSPs, using them as an attack vector to their end customer companies. It was a cybersecurity wake up call to the service provider market, which has since significantly improved its security posture, awareness of threat actors, and deployment of increasingly sophisticated cybersecurity protection technologies.

11-Count Indictment Details Global Scheme

The Justice Department stated that Vasinskyi previously pleaded guilty in the Northern District of Texas to an 11-count indictment charging him with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering. He was previously extradited to the United States from Poland. 

“Deploying the REvil ransomware variant, the defendant reached out across the globe to demand hundreds of millions of dollars from U.S. victims,” Deputy U.S. Attorney General Lisa Monaco said. “But this case shows the Justice Department’s reach is also global — working with our international partners, we are bringing to justice those who target U.S. victims, and we are disrupting the broader cybercrime ecosystem.”

Kaseya Shores Up Cybersecurity, Reduces Prices

Kaseya has increased its focus on cybersecurity in the years since the ransomware attack, acquiring companies to add functions such as managed detection and response and automated network pen testing to its stack of services.

This week at its annual Kaseya Connect event in Las Vegas the company introduced Kaseya 365, an MSP essentials bundle that includes RMM, antivirus, EDR, MDR, patch management, ransomware rollback and endpoint backup. Kaseya said the all-in-one solution includes 20 core automations to significantly enhance workflow efficiency and reduce errors. It is priced at $3.99 per endpoint per month -- a level that could significantly disrupt the MSP and MSSP market.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.

You can skip this ad in 5 seconds