REvil Ransomware Group Members Sentenced in Russian Court

On October 25, the St. Petersburg Garrison Military Court sentenced Artem Zayets and Alexey Malozemov to four and a half and five years in a general-regime penal colony, respectively. Ruslan Khansvyarov received a five-and-a-half-year sentence, and Daniil Puzyrevsky was sentenced to six years. All four were found guilty under Article 187 of the Criminal Code of the Russian Federation for the unlawful circulation of payment instruments, while Khansvyarov and Puzyrevsky were also convicted under Article 273 for the distribution of malicious programs.

Last week, during the proceedings, the prosecution requested five-year sentences for Zayets and Malozemov, six years for Khansvyarov, and six and a half years for Puzyrevsky. According to the prosecutor, both the defense and the defendants had, in his view, overestimated the presented evidence and interpreted it to feign innocence. Given the defendants’ refusal to admit guilt or express remorse, the prosecution deemed the proposed sentences just and conducive to rehabilitation, the prosecutor concluded.

Case materials indicate that in 2015, Puzyrevsky acquired information on U.S. bank cards from the dark web for carding purposes. The indictment states that he conducted fraudulent transactions with these cards, later involving Malozemov and Khansvyarov in the scheme. The group gradually expanded, which, according to the investigation, led to an increase in its membership.

The REvil ransomware group, with which investigators associate the defendants, previously conducted attacks on major companies such as Quanta Computer, JBS Foods, Acer, and Kaseya. However, the defense noted that the final charges against their clients pertained solely to theft from American citizens’ bank cards, without mention of corporate victims of cyberattacks.

The defense repeatedly pointed out the lack of witnesses who had personally observed the defendants engaging in criminal activity. Neither the names of cardholders nor banks were present in the court documents. Attorney Vladislav Dreyeris emphasized that witness testimonies were based on oral information and assumptions, including “presumably banking documents,” thus lacking factual foundation. He also noted that the investigation had not sent inquiries to foreign banks, leaving open the question of who specifically suffered from the defendants’ actions.

The trial began in late November 2023, as one of the defendants was serving in the military at the time of the alleged offenses. Initially, 14 individuals were detained in connection with the REvil case, but only eight went to trial. Four later became subjects of a separate criminal case under Article 272 of the Criminal Code, which was forwarded to the Prosecutor General’s Office for consolidation.

The primary evidence for the prosecution relied on the testimony of witness Alexey Skorobogatov, also allegedly linked to REvil’s activities. While in custody, Zayets humorously discussed with a guard the possibility of signing a contract with the Ministry of Defense, which, he jested, might allow him to avoid imprisonment.

All individuals involved in the case have been detained since early 2022. Western media refer to REvil as “pro-Russian hackers.” Russia’s FSB previously announced the dismantling of the group, seizing large sums in rubles, dollars, euros, cryptocurrency, and 20 luxury vehicles from the accused. The operation occurred shortly after a conversation between the Russian and U.S. presidents, during which Joe Biden asked Vladimir Putin to intensify efforts against ransomware hackers. The Kremlin responded that cooperation should be continuous and professional, devoid of political motives. Prosecutor General Igor Krasnov later remarked that the U.S. was sabotaging the mutual legal assistance treaty, though official cooperation remains ongoing.

In April, Russian Security Council Deputy Secretary Oleg Khramov disclosed that, in response to Moscow’s inquiry on the motives behind the detention of REvil suspects, Washington had replied, “Arrest them for petty crimes; you can add the rest later.”