Armenian authorities have detained a Russian tourist, Aleksandr Ermakov, on a US extradition request, allegedly linking him to the REvil ransomware group. Ermakov's wife claims he was mistakenly identified after border officers matched his photo from a social media profile. The detention occurred on June 28 at Yerevan's Zvartnots airport, where Ermakov was pulled out of the departure hall and taken into custody1. The case highlights the complexities of international cybersecurity cooperation and the potential for mistaken identities. The REvil ransomware group has been linked to numerous high-profile attacks, but it appears that Ermakov's lawyers are arguing that he is not the correct individual. This incident matters to cybersecurity practitioners because it underscores the importance of operational resilience planning, particularly in sectors that are frequently targeted by ransomware attacks, such as those allegedly carried out by REvil.
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man
⚡ High Priority
Why This Matters
Ransomware targeting Russia highlights sector-specific risk — operational resilience planning is the real takeaway.
References
- The Hacker News. (2026, July 17). Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man. The Hacker News. https://thehackernews.com/2026/07/armenia-detains-russian-tourist-on-us.html
Original Source
The Hacker News
Read original →