
Daniil Kasatkin, a professional Russian basketball player, has been arrested in France at the request of the United States, which accuses him of participating in a ransomware operation that targeted nearly 900 organizations between 2020 and 2022, including two U.S. federal institutions.
Kasatkin, 26, was taken into custody on June 21 at Paris’s Charles de Gaulle Airport upon arriving in the country with his fiancée. The arrest reportedly follows a U.S.-issued extradition request based on charges of “conspiracy to commit computer fraud” and “computer fraud conspiracy.” According to American investigators, Kasatkin allegedly played a role in ransom payment negotiations for a cybercriminal group responsible for widespread ransomware attacks. The financial impact of the attacks has not been disclosed.
The case came to light publicly during a hearing in Paris on July 8, where the court ruled to keep Kasatkin in custody under an extradition detention order issued on June 23. He denies all allegations. His lawyer, Me Frédéric Bélot, argues that Kasatkin is not technically skilled and may have unwittingly become entangled in the affair through the purchase of a compromised or pre-configured second-hand laptop. Bélot claimed that his client is “not even capable of installing an app,” suggesting the real perpetrators may have used Kasatkin’s identity as a proxy.
Kasatkin had been playing for Moscow MBA-MAI, a professional basketball club competing in the VTB United League. Over four years with the team, he played in 172 matches and scored over 1,500 points, earning two bronze medals in the Russian Cup and winning the national Spartakiad with the Moscow team. His departure from the club was announced on July 3, shortly after his arrest.
The Russian embassy in Paris confirmed it is handling Kasatkin’s case, with Foreign Ministry spokesperson Maria Zakharova stating that Russian diplomats are monitoring the situation closely. Kasatkin, who previously studied in the U.S., told the court he feels unsafe in detention due to geopolitical tensions stemming from the ongoing conflict between Russia and Ukraine. He claims his physical health and career are at risk, noting a drop in weight and a lack of access to training facilities in prison.

The ransomware group allegedly linked to Kasatkin is believed to have operated between 2020 and 2022, conducting widespread extortion campaigns across the private and public sectors. While the specific malware strain involved has not been named, U.S. authorities indicated that Kasatkin’s role focused on communication and ransom negotiation, a common function in ransomware operations that separates the technical operators from those managing the financial extortion.
Kasatkin remains in detention as French courts evaluate the U.S. extradition request. His legal team is expected to challenge the extradition on the basis of weak technical evidence and alleged mistaken identity.
Leave a Reply