Russian Basketball Player Arrested over Alleged Ransomware Attack Claims

A Russian professional basketball player has been arrested in France on charges of orchestrating one of the most extensive ransomware campaigns in recent history, targeting nearly 900 companies and federal institutions between 2020 and 2022. 

The case highlights the growing intersection between cybercrime and unexpected perpetrators from diverse professional backgrounds.

Key Takeaways
1. Russian basketball player Daniil Kasatkin, 26, arrested in Paris on June 21, 2025, facing US extradition.
2. Accused of ransomware negotiation and computer fraud conspiracy.
3. Network allegedly attacked 900+ companies and federal institutions (2020-2022).
4. Claims computer incompetence; bought a compromised second-hand device unknowingly.

Alleged Ransomware Operation Attacking 900+ Companies

Le Monde reports that Daniil Kasatkin, a 26-year-old professional basketball player who most recently played for the Moscow team MBA-MAI, was arrested at Paris’s Roissy-Charles de Gaulle airport on June 21, 2025, following an international arrest warrant issued by the United States. 

The arrest occurred as Kasatkin arrived in France with his fiancée, whom he had just proposed to, marking a dramatic turn in what was supposed to be a romantic European getaway.

The US Department of Justice has formally charged Kasatkin with “conspiracy to commit computer fraud” and “computer fraud conspiracy” in connection with his alleged role in a sophisticated ransomware network. 

French authorities have placed him under extradition custody since June 23, pending the resolution of proceedings that could see him transferred to American jurisdiction to face trial.

The ransomware network that Kasatkin allegedly participated in represents a significant cybersecurity threat, having successfully compromised approximately 900 companies and two federal institutions over a two-year period. 

The malware campaign utilized advanced encryption algorithms to lock victims’ data and demand cryptocurrency payments for decryption keys, a modus operandi characteristic of modern ransomware-as-a-service (RaaS) operations.

US investigators allege that Kasatkin served as a ransomware negotiator, facilitating communications between the criminal network and victims while coordinating payment demands. 

This role typically involves sophisticated knowledge of cryptocurrency transactions, digital forensics evasion techniques, and victim psychology to maximize ransom payments while minimizing detection risks.

Kasatkin’s defense attorney, Frédéric Bélot, has mounted a vigorous defense based on his client’s alleged lack of technical expertise. 

“He’s useless with computers and can’t even install an application,” Bélot told journalists, arguing that his client purchased a second-hand computer that was either already compromised or sold to him by the actual perpetrators as a cover.

The lawyer has unsuccessfully petitioned for Kasatkin’s release, citing concerns about the impact of detention on his physical condition and basketball career. 

Kasatkin has reportedly lost weight from 95 kg to 89 kg while in custody, and his former team MBA-MAI announced his departure on July 3 after four years with the organization.

The case underscores the evolving nature of international cybercrime prosecution and the challenges of distinguishing between sophisticated threat actors and potential unwitting accomplices in complex ransomware operations.