Russian basketball player arrested in France under ransomware suspicions

French authorities have arrested a Russian basketball player believed to be a member of a ransomware gang.


MBA Moscow player Daniil Kasatkin, 26, was arrested in France last month at Paris Charles de Gaulle Airport following allegations that he had been working with a ransomware group.

The arrest was reportedly made at the request of the US, which claims Kasatkin worked with a group that launched cyber attacks on roughly 900 companies between 2020 and 2022 and hacked two US federal government entities. US authorities accuse him of negotiating ransom payments on the group's behalf.

The US has not publicly named the threat group in question. It may be referring to the Conti ransomware group, an actor the US has connected to cyber attacks on 900 companies. The Justice Department has also indicted several Russians for spreading Conti ransomware via the TrickBot malware.


Kasatkin’s lawyer has denied the player’s involvement in cyber crime, saying that his computer literacy is poor.

“He’s useless with computers. He can’t even install an app,” lawyer Frédéric Bélot told Agence France-Presse, adding that Kasatkin had recently purchased a laptop that he believes was already compromised.

“He didn’t touch anything on this computer. It was either hacked or sold to him by a hacker who wanted to pass himself off as someone else.”

Bélot added that Kasatkin has lost weight in prison and feels unsafe due to the conflict between Russia and Ukraine, the latter of which France has supported during the war.

Google’s Threat Analysis Group (TAG) previously found that former Conti cyber crime gang members (referred to as UAC-0098) had targeted Ukrainian organisations and European non-governmental organisations.

“In the initial encounter with UAC-0098, ‘lackeyBuilder’ was observed for the first time,” Google TAG said.

“This is a previously undisclosed builder for AnchorMail, one of the private backdoors used by the Conti groups.”

Google TAG added: “Since then, the actor consistently used tools and services traditionally employed by cyber crime actors for the purpose of acquiring initial access: IcedID Trojan, EtterSilent malicious document builder, and the ‘Stolen Image Evidence’ social engineering malware distribution service.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.