Yaroslav Vasinskyi, 24, was also ordered to pay over $16 million in restitution, the department said.
The department said Vasinskyi conducted the ransomware attacks using the Sodinokibi/REvil ransomware variant, and publicly exposed victims’ data when they would not pay ransom demands.
“Today, the FBI’s close collaboration with our worldwide partners has again ensured that a cybercriminal who thought he was beyond our reach faces the consequences of his actions,” FBI Director Christopher Wray said in a statement.
Vasinskyi was allegedly responsible for the July 2021 ransomware attack against Florida software provider Kaseya, the department said previously.
The Ukrainian national was accused in the indictment of breaking into Kaseya, and simultaneously distributing with accomplices REvil ransomware to as many as 1,500 Kaseya customers, encrypting their data and forcing some to shut down for days, the Justice Department said.
“Using ransomware, malicious actors from around the globe can paralyze U.S. companies in a matter of minutes,” said Leigha Simonton, the U.S. attorney for the Northern District of Texas, where Vasinskyi was tried.
Vasinskyi, who was extradited to the United States from Poland, previously pleaded guilty to an 11-count indictment charging him with conspiracy to commit fraud and related activity in connection with computers, damage to protected computers, and conspiracy to commit money laundering, the department said.