On June 21, 2025, Russian professional basketball player Daniil Kasatkin was arrested at Charles de Gaulle Airport upon arrival in France with his fiancée. The arrest was carried out under an international warrant issued by the United States; French authorities had monitored Kasatkin’s travel itinerary and detained him immediately upon his arrival.
Kasatkin had previously competed in basketball while studying in the United States, and upon returning to Russia in 2019, he began his professional athletic career. Until now, he had primarily remained within Russian borders, and this trip appeared to be a leisure visit to France with his fiancée.
The arrest stems from allegations that Kasatkin acted as a ransomware negotiator, serving as an intermediary between ransomware groups and their victims to facilitate the payment of extortion demands. Such activity, according to U.S. authorities, constitutes criminal complicity with cybercriminal organizations.
After establishing Kasatkin’s true identity, the U.S. Department of Justice issued an international warrant, charging him with conspiracy to commit computer fraud, among other offenses. The Department has formally requested his extradition from France to face prosecution in the United States.
Though judicial authorities have yet to disclose the specific ransomware group involved, the Department of Justice alleges that Kasatkin assisted in attacks against over 900 organizations between 2020 and 2022—including intrusions into two U.S. federal agencies.
Based on the described tactics and timeline, the ransomware in question is believed to be the infamous Conti, which emerged in 2020 as the successor to Ryuk and launched widespread attacks on major corporations, healthcare institutions, educational systems, and governmental bodies worldwide.
Kasatkin’s legal counsel has issued a statement denying any involvement in cybercrime, asserting that his arrest is tied to a second-hand computer he had purchased. The lawyer claimed that the device was of no practical use to Kasatkin—who lacked even the technical skill to install software—and posited that either the machine had been previously compromised by hackers, or it had been used in criminal activity before being sold to Kasatkin in an attempt to frame him.