Overview
Armenia has been holding a Russian tourist in a detention center since June 28, 2026, following a U.S. extradition request targeting a suspected member of the REvil ransomware group. The detained man, Aleksandr Ermakov, shares his name with the REvil suspect sought by U.S. authorities — but his lawyers and family are adamant that the wrong person has been arrested.
What Happened
According to Russian media reports and statements from the detainee's family, border officers at Yerevan's Zvartnots International Airport pulled Ermakov out of the departure hall after checking his documents against an international warrant.
His wife, Maria Yurova, told Russian broadcaster REN TV that her husband is an ordinary tourist who had traveled to Armenia and was attempting to depart when he was detained. She said authorities have not been responsive to their appeals and that he has remained in custody ever since.
The case has attracted attention both because of the mistaken-identity allegations and because it highlights the diplomatic and legal complexity of cybercrime extradition proceedings involving Russian nationals.
Background: REvil Ransomware
REvil (also known as Sodinokibi) was one of the most prolific and damaging ransomware-as-a-service (RaaS) operations of the past decade. The group was responsible for high-profile attacks including:
- Kaseya VSA attack (July 2021): Exploited a zero-day in IT management software, affecting up to 1,500 businesses worldwide and demanding $70 million in ransom
- JBS Foods (June 2021): Forced the world's largest meat processing company to shut down operations in multiple countries; JBS paid $11 million in ransom
- Quanta Computer (April 2021): Stole and attempted to sell Apple product schematics
Russian authorities took action against REvil in January 2022, arresting 14 suspected members and seizing approximately $5.5 million in assets. However, several individuals connected to the group remain under active investigation or indictment in the U.S.
The Name Collision Problem
The case underscores a recurring challenge in international cybercrime enforcement: common names create real risks of mistaken identity, particularly when warrant information is based on aliases or partially corroborated identities.
Russian naming conventions — where given names, patronymics, and family names have limited variety in some regions — can mean multiple individuals share the same full name. If U.S. authorities identified a suspect as "Aleksandr Ermakov" without sufficient additional biometric or documentary corroboration, a false positive detention becomes possible.
Legal observers note that extradition proceedings are supposed to include robust identification checks, but the evidentiary standards and practical application vary significantly across jurisdictions.
Diplomatic Context
The case is also notable from a geopolitical perspective. Armenia has navigated complex relationships with both Russia and the West since the 2020 Nagorno-Karabakh war and subsequent shifts in its foreign policy posture. The country has shown increased willingness to cooperate with Western legal requests — a dynamic that makes it a potential transit and enforcement point for U.S. warrants involving Russian nationals.
Russia has previously criticized Western nations and their partners for what it characterizes as politically motivated arrests of Russian citizens abroad.
What Comes Next
- Ermakov's lawyers are expected to contest the detention through Armenian courts, arguing insufficient evidence of identity matching
- U.S. authorities will need to provide documentation supporting the extradition request that distinguishes the detained individual from other persons named Aleksandr Ermakov
- The case may ultimately hinge on whether Armenia's courts find the U.S. warrant sufficiently specific to justify continued detention
The outcome will have implications for how future cybercrime warrants involving common names are handled across jurisdictions.