Pierluigi Paganini October 27, 2024

Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia.

Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country.

The four men are Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov. They were convicted of illegal payment handling, with Puzyrevsky and Khansvyarov also found guilty of malware use and distribution.

They were found guilty of illegal payment handling, while Puzyrevsky and Khansvyarov were also convicted of using and distributing malware.

“On Friday, October 25, the St. Petersburg Garrison Military Court announced the verdict against Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky and Ruslan Khansvyarov. The court found them guilty of illegal circulation of means of payment (Part 2 of Article 187 of the Criminal Code of the Russian Federation).” reported Russian news outlet Kommersant. “Puzyrevsky and Khansvyarov were also found guilty of using and distributing malicious programs (Part 2 of Article 273 of the Criminal Code of the Russian Federation), a Kommersant-SPb correspondent reports from the courtroom.”

Zayets and Malozemov received 4.5 and 5 years, while Khansvyarov and Puzyrevsky were sentenced to 5.5 and 6 years in a general regime penal colony.

The four men were identified as part of an investigation on the REvil ransomware group, prompted by a U.S. request linking the group’s leader to cyberattacks on foreign tech firms. The authorities initially identified 14 suspects who were detained, with eight brought to trial and four more—Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev—facing separate charges of illegal computer access. The cases have been sent to the Russian Prosecutor General’s Office for consolidation, and all defendants have been held since early 2022.

On May 2024, the Ukrainian national, Yaroslav Vasinskyi (24), aka Rabotnik, was sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims.

The man is a member of the REvil ransomware gang and was sentenced for his role in carrying out more than 2,500 ransomware attacks and demanding over $700 million in ransom payments.

In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021.

Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was arrested on October 8, 2021, while he was trying to enter Poland. Vasinskyi was extradited to the U.S. in March 2022.

Vasinskyi is a REvil ransomware affiliate since at least March 1st, 2019.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, REvil ransomware gang)