Armenian authorities have detained a Russian tourist, Aleksandr Ermakov, on a US extradition request, allegedly linking him to the REvil ransomware group. Ermakov's wife claims he was mistakenly identified after border officers matched his photo from a social media profile. The detention occurred on June 28 at Yerevan's Zvartnots airport, where Ermakov was pulled out of the departure hall and taken into custody1. The case highlights the complexities of international cybersecurity cooperation and the potential for mistaken identities. The REvil ransomware group has been linked to numerous high-profile attacks, but it appears that Ermakov's lawyers are arguing that he is not the correct individual. This incident matters to cybersecurity practitioners because it underscores the importance of operational resilience planning, particularly in sectors that are frequently targeted by ransomware attacks, such as those allegedly carried out by REvil.