Russia has sentenced four members of the notorious REvil ransomware group to prison terms exceeding four years for distributing malware and illegally circulating payment tools.

The REvil group, also known as Sodin or Sodinokibi, emerged in April 2019 as the successor to the GandCrab ransomware operation. Within just a year, REvil had become one of the most aggressive ransomware syndicates, demanding massive ransom payments and reportedly raking in over $100 million.

The group’s major attack in July 2021, targeting over 1,500 companies globally via Kaseya’s supply chain, marked a turning point. Following this high-profile breach, U.S. President Joe Biden urged Russian President Vladimir Putin to address cybercrime originating from within Russia, warning of potential U.S. action. Shortly after, REvil briefly halted its operations, only to resume two months later—unaware that U.S. law enforcement had already infiltrated their servers.

In response to U.S. appeals, Russia’s Federal Security Service (FSB) launched a crackdown on REvil in January 2022, arresting 14 individuals, raiding multiple locations, and seizing over $6.6 million. In their latest court ruling, Russian authorities sentenced four members—Artem Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov—to prison terms ranging from 4.5 to 6 years.

The court found them guilty of unauthorized payment activities, with additional malware distribution charges for Khansvyarov and Puzyrevsky. Four other REvil affiliates will face trial in a separate proceeding.
