REvil Ransomware Members Freed After Serving Time for Carding

Summary
– Four REvil ransomware members were released by Russia in January 2022 after pleading guilty to carding and malware charges, with their prison time considered served during detention.
– Eight REvil members were arrested in total; four who refused to plead guilty received prison sentences ranging from 4.5 to 6 years for illegal payment circulation and malware distribution.
– REvil, a prolific ransomware group, emerged in 2019 and earned over $100 million before its downfall, notably after the 2021 Kaseya attack prompted U.S. pressure on Russia.
– U.S. and Romanian authorities arrested multiple REvil affiliates in 2021-2022, seizing funds and issuing prison sentences, including a 13-year term for one member involved in the Kaseya attack.
– Russia’s FSB claimed to have dismantled REvil in 2022, but communication with the U.S. on cybersecurity collapsed after Russia’s invasion of Ukraine.

Four members of the notorious REvil ransomware group have walked free after Russian courts ruled they had already served their sentences for financial cybercrimes. Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev admitted guilt for their roles in carding schemes and malware distribution between 2015 and 2022. Though originally sentenced to five years, their time in pretrial detention counted toward their punishment.
The group belonged to a larger network of eight cybercriminals arrested in early 2022. While these four accepted plea deals, their associates, Artem Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov, faced harsher sentences after contesting charges. Russian media reports indicate prison terms ranging from 4.5 to 6 years, with additional convictions for malware distribution in some cases.
REvil, also known as Sodinokibi, rose to infamy as one of the most aggressive ransomware operations. Emerging in 2019 as GandCrab’s successor, the group extorted over $100 million from victims within a year. Their most brazen attack came in July 2021, when they exploited a vulnerability in Kaseya’s software, compromising 1,500 businesses worldwide. The incident triggered direct intervention from U.S. President Joe Biden, who pressured Russian leadership to act against cybercriminal networks operating within their borders.
International law enforcement soon dismantled key parts of REvil’s infrastructure. Ukrainian national Yaroslav Vasinskyi, linked to the Kaseya breach, received a 13-year U.S. prison sentence in 2024. Another affiliate, Yevgeniy Polyanin, had $6 million seized by authorities. Meanwhile, Romanian officials arrested two additional operatives tied to thousands of attacks.
Despite briefly going dark after the Kaseya fallout, REvil’s attempted comeback proved disastrous. Unbeknownst to them, investigators had infiltrated their systems during the hiatus. When the gang reactivated servers, they inadvertently restored law enforcement-controlled machines, leading to a sweeping crackdown. In January 2022, Russia’s Federal Security Service (FSB) detained 14 suspects, declaring the syndicate dismantled.
However, geopolitical tensions soon complicated cooperation. Following Russia’s invasion of Ukraine, Moscow accused Washington of cutting cybersecurity communication channels, halting further collaboration on REvil-related investigations. The group’s legacy remains a stark reminder of ransomware’s global reach, and the fragile alliances required to combat it.
(Source: Bleeping Computer)