Date: 2024-10-29

A Russian court sentenced four members of the infamous REvil ransomware group, but infosec experts agree the crackdown won't dissuade cybercriminals from continuing to operate out of Russia.

REvil emerged in 2019 as a ransomware-as-a-service group but was disrupted by the Russian Federal Security Service (FSB) in 2022 following arrests and cash confiscations in the millions. Last week, Russian news outlet Kommersant reported that Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky and Ruslan Khansvyarov were sentenced in a Russian court on money laundering and hacking charges as members of REvil.

Zayets, Malozemov, Puzyrevsky and Khansvyarov were initially arrested and have been detained since 2022. Kommersant added that the investigation began after U.S. law enforcement agencies alerted Russia to REvil's unnamed leader and his involvement in attacks against victim organizations in "high-tech companies."

Initially, Russian authorities arrested 14 individuals in the crackdown on REvil, but only eight were brought to trial. Of the eight, four alleged REvil members were found guilty of illegal circulation of means of payment, while Puzyrevsky and Khansvyarov were also charged with using and distributing malware. Sentences ranged from four and a half to six years.

REvil is known for high-profile attacks against critical infrastructure organizations. For example, in 2021 REvil actors hit Colorado-based JBS Foods, and the meat processing company subsequently paid an $11 million ransom demand. REvil also claimed responsibility for a disruptive attack against software company Kaseya in 2021 that affected 1,500 downstream customers. However, Kaseya did not give in to ransom demands.