The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.
https://threatpost.com/revil-affiliates-arrested-doj-europol/176087/
“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
https://threatpost.com/turla-apt-backdoor-afghanistan/174858/