Russia’s case against REvil hackers proceeds as government recommends 6.5-year sentence

The Russian military prosecutor’s office is reportedly pushing for prison sentences of up to 6.5 years for four people linked to the hacking group REvil.

The Russian cybercrime group was one of the most active ransomware gangs before its shutdown in 2021 and the arrests of 14 suspected members by Russian law enforcement a year later.

The legal proceedings against the alleged hackers have been dragging on for the last two years, and of the 14 detainees, only eight have made it to a Moscow court to face charges of illegal financial transactions.

The defense for the suspected REvil members, who all deny the charges, has claimed that Russian prosecutors have not presented evidence at trial of crimes related to illicit financial transactions.

Court hearings have been postponed several times due to a lack of consensus among the prosecutors regarding the REvil case. 

Last week, the Russian military prosecutor’s office moved forward with legal proceedings against some of the REvil suspects and recommended sentencing, according to local media outlet Kommersant, which attended the court hearing.

In particular, the suspected leader of the group, Daniil Puzyrevsky, faces a requested six-and-a-half years in prison and a fine of 200,000 rubles ($2,000); Ruslan Khansvyarov could face six years in prison and a fine of 750,000 rubles ($7,700); and Alexei Malozemov and Artyom Zayets could each face five years in prison and a fine of 700,000 rubles ($7,200).

In addition to the initial charges, Puzyrevsky and Khansvyarov were also charged with unauthorized access to computer information.

REvil is known for targeting high-profile individuals, including Lady Gaga and former U.S. president Donald Trump, as well as large U.S. companies like the Florida-based software provider Kaseya in 2021. Hacked Kaseya servers allowed REvil to deploy ransomware inside the internal networks of thousands of companies across the world.

Guilty verdicts for the suspected cybercriminals are by no means guaranteed since it is uncommon for Russia to prosecute its own hackers. The Kremlin’s crackdown on REvil coincided with U.S. President Joe Biden’s phone call with Russian President Vladimir Putin, in which Biden stated that Russia must “take action” against cybercriminals disrupting American businesses and infrastructure.

The raids on the apartments of suspected REvil members were also conducted at the request of U.S. authorities, according to the Russian Federal Security Service (FSB).

Authorities reported at that time that they seized more than 426 million rubles ($4.38 million), $600,000 and €500,000 (about $544,000) in cash, along with cryptocurrency wallets, computers and nearly two dozen expensive cars.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
