Four members of the REvil ransomware group were sentenced to prison by a Russian court last week, according to the Russian state-owned news agency TASS.
Russia announced cracking down on the hacking group known as REvil and Sodinokibi in January 2022, which came in response to mounting pressure from the United States following a series of high-profile attacks. The US had previously conducted an operation aimed at disrupting REvil.
Russia launched the war against Ukraine just weeks after announcing the action taken against REvil, and questions emerged on whether the cybercriminals would face prosecution or they would be released, particularly after new malware samples suggested REvil’s possible return.
Shortly after Russia announced the REvil crackdown in January 2022, it was reported that eight people had been detained and would face charges.
According to TASS, four of them — the court recently decided to prosecute them separately — have now been sentenced.
They have received prison sentences ranging between 4.5 and 6 years, part of which they have already served since their arrest in January 2022. Prosecutors had been seeking slightly longer prison sentences, TASS reported in early October.
Given that Russian and US authorities have not cooperated on the case following the start of the Ukraine war, the hackers have not been prosecuted for crimes alleged by the US. Instead, they have been charged over the illegal use of payment cards and malware distribution, TASS said.
Prosecutors did accuse the suspects of stealing payment card information belonging to US citizens, but defense attorneys pointed out that the victims did not press charges (in Russia), TASS reported. The hackers pleaded not guilty.
If TASS’s report is accurate, it’s surprising that the Russian government has sent them to prison rather than try to leverage their skills for its cyber operations against Ukraine or the West.
A Ukrainian national accused of being a REvil affiliate was sentenced to 13 years in prison earlier this year in the United States.
Related: Russian Sentenced to Prison in US for Selling Stolen Information
Related: Ukrainian Sentenced to Prison in US for Role in Zeus, IcedID Malware Operations
Related: Two Nigerians Sentenced to Prison in US for BEC Fraud
