Russia releases REvil members after convictions for payment card fraud

A Russian court sentenced several members of the notorious REvil ransomware gang to five years in prison but let them walk free right after the verdict, saying they had already spent enough time behind bars while awaiting trial.

The case was not related to REvil’s high-profile ransomware attacks. The defendants — Andrei Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotaev — were found guilty on Monday of trafficking stolen payment data and using malicious software to commit carding fraud. 

According to prosecutors, the group primarily targeted U.S. citizens by stealing and exploiting their credit card information.

The court also ordered the seizure of two 2020 BMWs, 51.8 million rubles (about $661,000) and $497,000 from Bessonov, as well as a 2019 Mercedes-Benz C200 from Korotaev. No fines were imposed. The men were released from the courtroom because their pre-trial detention was counted toward their sentences. 

The four men were arrested in a series of raids across Russia in early 2022, resulting in the detention of 14 REvil suspects.

It is uncommon for Russia to prosecute its own hackers. The Kremlin’s crackdown on REvil followed a call between then-U.S. President Joe Biden and Russian President Vladimir Putin, during which Biden urged Russia to “take action” against cybercriminals disrupting American businesses and infrastructure. Weeks later, Russia invaded Ukraine, and the case largely disappeared from the headlines.

Previous reports suggest that Russia is increasingly turning to cybercriminals to conduct espionage and hacking operations against its adversaries. Researchers say these criminal groups likely help give the Kremlin plausible deniability for state-sponsored cyberattacks linked to the war in Ukraine.

While it’s unclear whether the REvil hackers pledged allegiance to the Kremlin, the legal proceedings against the alleged hackers have dragged on for two years. Of the 14 detainees, only eight have been brought to a Moscow court to face charges of illegal financial transactions. Hearings have been postponed multiple times due to disagreements among prosecutors over the REvil case.

Last October, four other REvil members — Artem Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov — were sentenced to up to six and a half years in prison.

REvil was one of the most active ransomware gangs before its shutdown in 2021. The group is known for targeting high-profile individuals, including Lady Gaga and U.S. President Donald Trump, as well as major U.S. companies such as the Florida-based software provider Kaseya. In 2021, REvil used compromised Kaseya servers to deploy ransomware across the internal networks of thousands of companies worldwide.