Four REvil ransomware gang members released in Russia after time served in pre-trial detention

 


Four members of the notorious REvil ransomware gang, arrested in January 2022, have been released by Russian authorities after pleading guilty to charges of carding and malware distribution, Russian state media report.

The defendants, Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev, were sentenced to five years in prison but were credited for time already served in pre-trial detention.

The individuals admitted to participating in REvil’s cybercrime operations between October 2015 and January 2022, including involvement in credit card fraud and malware deployment. The court’s decision to release them comes more than three years after they were initially apprehended as part of a broader crackdown on the gang by the Russian Federal Security Service (FSB).

Four other REvil affiliates, Artem Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov, received prison sentences ranging from 4.5 to 6 years after declining plea deals. Zayets was sentenced to 4.5 years, Malozemov to 5 years, Khansvyarov to 5.5 years, and Puzyrevsky to 6 years. The latter two were also convicted of malware distribution in addition to financial crimes.

REvil, also known as Sodinokibi, came to light in 2019 and quickly became one of the most prolific ransomware groups, netting over $100 million in ransom payments. The group’s global impact peaked in July 2021, following a high-profile supply chain attack via software vendor Kaseya that affected over 1,500 organizations worldwide. The incident drew the attention of then US President Joe Biden, who pressed Russian President Vladimir Putin to take action against cybercriminals operating from Russian territory.

International law enforcement efforts ramped up soon after. Ukrainian national Yaroslav Vasinskyi, linked to the Kaseya attack, was arrested in 2021 and sentenced in the US to 13 years in prison in May 2024. Authorities also seized millions in assets from Russian hacker Yevgeniy Polyanin and arrested two additional REvil affiliates in Romania.

Despite briefly halting operations after law enforcement infiltrated its infrastructure, REvil attempted to resume activities later in 2021. In January 2022, the FSB announced the arrest of 14 individuals and claimed to have dismantled the entire operation.

In April 2022, however, Russia ceased communication with the US on REvil and cybersecurity issues following its invasion of Ukraine.
