Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1945+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker — Lawyers Say Wrong Man
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker — Lawyers Say Wrong Man
NEWS

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker — Lawyers Say Wrong Man

Armenia has held a Russian tourist named Aleksandr Ermakov in detention since June 28 after a U.S. extradition request for a REvil ransomware suspect sharing the same name. His lawyers and family insist the authorities have the wrong person.

Dylan H.

News Desk

July 18, 2026
3 min read

Overview

Armenia has been holding a Russian tourist in a detention center since June 28, 2026, following a U.S. extradition request targeting a suspected member of the REvil ransomware group. The detained man, Aleksandr Ermakov, shares his name with the REvil suspect sought by U.S. authorities — but his lawyers and family are adamant that the wrong person has been arrested.

What Happened

According to Russian media reports and statements from the detainee's family, border officers at Yerevan's Zvartnots International Airport pulled Ermakov out of the departure hall after checking his documents against an international warrant.

His wife, Maria Yurova, told Russian broadcaster REN TV that her husband is an ordinary tourist who had traveled to Armenia and was attempting to depart when he was detained. She said authorities have not been responsive to their appeals and that he has remained in custody ever since.

The case has attracted attention both because of the mistaken-identity allegations and because it highlights the diplomatic and legal complexity of cybercrime extradition proceedings involving Russian nationals.

Background: REvil Ransomware

REvil (also known as Sodinokibi) was one of the most prolific and damaging ransomware-as-a-service (RaaS) operations of the past decade. The group was responsible for high-profile attacks including:

  • Kaseya VSA attack (July 2021): Exploited a zero-day in IT management software, affecting up to 1,500 businesses worldwide and demanding $70 million in ransom
  • JBS Foods (June 2021): Forced the world's largest meat processing company to shut down operations in multiple countries; JBS paid $11 million in ransom
  • Quanta Computer (April 2021): Stole and attempted to sell Apple product schematics

Russian authorities took action against REvil in January 2022, arresting 14 suspected members and seizing approximately $5.5 million in assets. However, several individuals connected to the group remain under active investigation or indictment in the U.S.

The Name Collision Problem

The case underscores a recurring challenge in international cybercrime enforcement: common names create real risks of mistaken identity, particularly when warrant information is based on aliases or partially corroborated identities.

Russian naming conventions — where given names, patronymics, and family names have limited variety in some regions — can mean multiple individuals share the same full name. If U.S. authorities identified a suspect as "Aleksandr Ermakov" without sufficient additional biometric or documentary corroboration, a false positive detention becomes possible.

Legal observers note that extradition proceedings are supposed to include robust identification checks, but the evidentiary standards and practical application vary significantly across jurisdictions.

Diplomatic Context

The case is also notable from a geopolitical perspective. Armenia has navigated complex relationships with both Russia and the West since the 2020 Nagorno-Karabakh war and subsequent shifts in its foreign policy posture. The country has shown increased willingness to cooperate with Western legal requests — a dynamic that makes it a potential transit and enforcement point for U.S. warrants involving Russian nationals.

Russia has previously criticized Western nations and their partners for what it characterizes as politically motivated arrests of Russian citizens abroad.

What Comes Next

  • Ermakov's lawyers are expected to contest the detention through Armenian courts, arguing insufficient evidence of identity matching
  • U.S. authorities will need to provide documentation supporting the extradition request that distinguishes the detained individual from other persons named Aleksandr Ermakov
  • The case may ultimately hinge on whether Armenia's courts find the U.S. warrant sufficiently specific to justify continued detention

The outcome will have implications for how future cybercrime warrants involving common names are handled across jurisdictions.

#REvil#Ransomware#Russia#Cybercrime#Extradition#Armenia

Related Articles

German Authorities Identify REvil and GandCrab Ransomware

Germany's Federal Police have publicly named two Russian nationals as the leaders of the GandCrab and REvil ransomware operations, linking them to at...

5 min read

Germany Doxes "UNKN," Head of RU Ransomware Gangs REvil

German authorities have publicly identified the elusive "UNKN," the operator behind the GandCrab and REvil ransomware groups, as 31-year-old Russian...

4 min read

Phobos Ransomware Admin Pleads Guilty — 1,000+ Victims

Evgenii Ptitsyn, 43, a Russian national who administered the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud conspiracy in the U.S....

7 min read
Back to all News