Former NCAA Athlete Arrested in Paris Over Ransomware Charges Tied to 900-Company Attack Campaign
Daniil Kasatkin, a professional basketball player from Russia and former NCAA athlete at Penn State, has been arrested in France at the request of U.S. authorities over allegations of involvement in major ransomware attacks. According to French media reports, the arrest occurred on June 21 at Paris Charles de Gaulle Airport, shortly after Kasatkin landed with his fiancée.
French police took Kasatkin into custody under a U.S. international arrest warrant citing charges of “conspiracy to commit computer fraud” and “computer fraud conspiracy.” The U.S. is now seeking his extradition to face prosecution.
Alleged Role as a Ransomware Negotiator in Major Cybercrime Operations
Authorities believe Kasatkin acted as a negotiator for a ransomware gang that is reportedly responsible for attacks on over 900 organizations between 2020 and 2022. Among the victims were two U.S. federal agencies, though specific names have not been disclosed.
The attack pattern attributed to the gang closely matches characteristics used by the U.S. Department of Justice in reference to Conti, a now-defunct ransomware group known for its large-scale operations. Conti, which emerged as a successor to Ryuk in 2020, was dismantled in 2022 following a significant internal data leak. While Conti’s name has not officially been attached to this case, the parallels are striking.
No previous reports had confirmed federal agency breaches by Conti, but the group is already linked to ransomware incidents targeting multiple U.S. state governments.
Defense Claims Kasatkin Is Innocent and a Victim of Circumstance
Kasatkin’s lawyer, Frédéric Bélot, strongly denies the allegations, attributing the situation to a second-hand laptop the athlete allegedly purchased.
“He bought a second-hand computer. He did absolutely nothing. He’s stunned,” said Bélot, speaking to French media.
“He’s useless with computers and can’t even install an application. He didn’t touch anything on the computer: it was either hacked, or the hacker sold it to him to act under the cover of another person.”
The defense argues that the computer may have already been compromised before it came into Kasatkin’s possession, possibly making him a scapegoat in a broader cybercrime investigation.
Broader Crackdown on Cybercrime Continues Across France and Europe
Kasatkin’s arrest follows a wave of recent cybercrime enforcement actions in France. Just last month, French police detained four alleged members of the notorious BreachForums hacking community, including users known as IntelBroker and ShinyHunters—figures tied to high-profile breaches across the tech sector.
The case against Kasatkin underscores the expanding international cooperation around ransomware enforcement and the growing focus on actors accused of facilitating negotiations and ransom payments.
With extradition proceedings now underway, it remains to be seen whether Kasatkin will face trial in the United States or succeed in contesting the charges based on his defense team’s claims. Either way, the case draws renewed attention to the ransomware ecosystem’s use of negotiators and go-betweens—and how global law enforcement is closing in.
