REvil Ransomware Syndicate Dismantled: Key Members Sentenced in Russia
The REvil ransomware, a direct successor to the infamous GandCrab hacking operations, launched attacks against over 1,500 businesses worldwide in July 2021, making off with a trove of confidential data.
In just one year, REvil's extortion schemes netted the group an astonishing $100 million, marking them as one of the most active ransomware syndicates of the time.
However, the FBI's diligent tracking efforts uncovered the real identities of several members and revealed that at least eight were located within Russia. Subsequently, the U.S. government shared the criminals' identities with the Russian Federal Security Service (FSB) through international law enforcement channels.
In January 2022, the FSB successfully dismantled several ransomware operations within Russia, including REvil. The operation led to the arrest of 14 gang members, the seizure of 25 residences, and the confiscation of assets worth $6.6 million.
The FSB, in a press release, stated that their search operations were precipitated by alerts and reports from U.S. authorities. The criminals were accused of compromising foreign tech companies' information resources through malware, encryption, and extortion for decryption fees.
Recently, the St. Petersburg court in Russia tried four members of the REvil group on charges of illegal circulation of means of payment and other crimes, including the use and distribution of malicious programs.
Artem Zaets was sentenced to 4.5 years in prison, Alexey Malozemov received a 5-year sentence, Daniil Puzyrevsky was given 5.5 years, and Ruslan Khansvyarov was sentenced to 6 years.
Of the 14 arrested criminals, 8 appeared in court for this session. The other 4 will be tried separately due to additional criminal activities uncovered during the investigation, with new criminal charges to be brought by the Office of the Prosecutor General of Russia.