US Authorities Say Daniil Kasatkin, 26, Worked as Negotiator for Ransomware Group
A Paris criminal court last week held an extradition hearing for a Russian professional basketball player who U.S. authorities say worked as a negotiator for an undisclosed ransomware group.
French police on June 21 arrested Daniil Kasatkin, 26, at Charles de Gaulle Airport after he arrived in Paris with his partner. U.S. law enforcement officials had issued an arrest warrant for his role in multiple ransomware schemes, French news outlet Le Monde first reported.
On Tuesday, the Investigative Division of the Paris Court of Appeal held a hearing on the U.S. extradition request. The U.S. authorities have up to 60 days to produce evidence to extradite Daniil Kasatkin, Paris Match reported, citing Kasatkin’s lawyer, Frédéric Bélot.
U.S. authorities have accused Kasatkin of acting as a negotiator for an unidentified ransomware group that targeted 900 organizations, including two federal agencies, between 2020 and 2022.
He faces charges of conspiracy to commit computer fraud and conspiracy. The U.S. Justice Department did not immediately respond to a request for additional information.
Kasatkin, who has denied all charges, remains in jail after the Paris court rejected his request for conditional bail. After the hearing, his lawyer, Bélot, told reporters that the basketball player was the victim of a serious miscarriage of justice, emphasizing that his client had “no computer expertise whatsoever.”
“Kasatkin simply used a second-hand computer he purchased without changing the system username. The account was undoubtedly hacked and was remotely controlled by cybercriminals without Mr. Kasatkin’s knowledge,” Bélot said.
Kasatkin has been playing for the Moscow MBA-MAI team following his exit from the National Basketball Association.
The Russian embassy in Paris said it is looking into the matter and has requested consular access for Kasatkin.
Ransomware operators and other cybercrime actors operating inside Russia and China are known to enjoy state protection, making it challenging for Western law enforcement agencies to arrest and indict them. The U.S. and its allies have been coupling malware infrastructure takedowns with international arrest warrants as a means to disrupt cybercrime ecosystems.
The U.S. last week indicted a Chinese national for his role in facilitating Beijing-backed nation-state hack attacks after he was arrested and extradited to the U.S. from Italy (see: Italian Police Arrest Alleged Chinese Hacker Wanted by FBI).