Four convicted members of the once-supreme ransomware operation REvil are leaving captivity after completing most of their five-year sentences.
The quartet were arrested in 2022 alongside four other alleged members, including the group’s founder, who remain in Russia’s custody.
Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev were all handed five-year sentences to a so-called “general regime penal colony” on Monday, although they were released on time served.
General regime penal colonies are forced labor camps, descendants of the Soviet-era gulags. Inmates can expect to be crammed into barracks with over 100 others. It’s not as densely packed as the strict or “special regime” colonies, however, which are said to be generally harsher environments.
The freed four were convicted of an “aggregate” of crimes in 2023, Russian state-owned publication TASS reported, including the illegal circulation of funds by an organized group and creation and use of malicious computer programs.
Judge Olga Duma ruled that the convicted had fully served their sentences while in a pre-trial detention facility, a lenient approach that was likely taken as a result of their earlier guilty pleas.
Judge Duma also demanded that Bessonov surrender two 2020 BMWs, and the court will seize from Korotayev the equivalent of more than $1 million (in rubles and US dollars) and a 2019 Mercedes C 200.
They were originally arrested following an appeal from the US government in January 2022, TASS stated, and despite being sentenced to five years each, they were released from custody on Monday after spending less than three years in detention.
The same can’t be said for the other four suspected REvil members, though, who were each sentenced in October 2024 to various stints in a general regime penal colony ranging from 4.5 to six years.
Following an appeal in March, their sentences were upheld, perhaps due to their refusal to enter a guilty plea.
Of the four who will remain in the penal colony – Aleksey Malozemov, Artem Zayets, Ruslan Khansvyarov, and Daniil Puzyrevsky – the latter two received the most serious sentences, having been charged with the illegal use of bank card data and the use of malware.
Malozemov and Zayets were only convicted of the carding offences.
The term “carding” refers to the illegal use and trafficking of payment card details. Although REvil was primarily known for ransomware attacks, some of its members also moonlighted in the financial fraud space.
REvil’s ransomware exploits were among the most high profile in history, and it was arguably the first truly “big” ransomware-as-a-service group.
Puzyrevsky, its founder according to Russian lawmakers, ran REvil from 2015 to 2022, during which time the group laid claim to landmark attacks on US nuclear weapons contractors, fashion houses, and perhaps most infamously Kaseya.
The Register first reported on the group, sometimes referred to as Sodinokibi, in 2019, although the Dzerzhinsky Court of St. Petersburg heard that Puzyrevsky started it much earlier.
It remains unclear why Russia detained the REvil members at the request of the US in January 2022. The two countries are geopolitical adversaries, but on rare occasions Russia’s FSB and the US’s FBI have been known to cooperate.
It could reasonably be assumed that Russia may have benefitted in some way from complying with the US’s request, as experts said at the time.
Russia took many of the plaudits for the FBI-led takedown of REvil’s infrastructure in July 2021, so the US may have allowed it to take the lion’s share of the credit to send a message to domestic cybercriminals, in exchange for its help.
Although only eight arrests were mentioned as part of the trial this week, a total of 14 people with alleged ties to REvil were arrested on that day in January 2022.
None of them are believed to have been extradited, however, and this may be due to the failure of political negotiations between Russia and the US.
The Department of Justice (DoJ) was able to finally convict one REvil member, though. Ukrainian national Yaroslav Vasinskyi, 25, aka Rabotnik, was arrested in 2021 at the Polish border and extradited to the US a year later.
Following a guilty plea to an 11-count indictment, he was sentenced in May 2024 to almost 14 years in prison and ordered to return $16 million to his various victims. ®