A recent court decision in Russia has resulted in four members of the notorious REvil ransomware group being sentenced for their involvement in cybercriminal activities. Despite this crackdown on the group, experts in the field of information security believe that it will not deter other cybercriminals from operating out of Russia.
REvil first emerged in 2019 as a ransomware-as-a-service group, but their operations were disrupted in 2022 by the Russian Federal Security Service (FSB) following arrests and the confiscation of millions of dollars in cash. Last week, a Russian court sentenced Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov for money laundering and hacking charges as members of REvil.
These individuals had been detained since 2022, and the investigation into their activities began after U.S. law enforcement agencies alerted Russia to REvil’s leader and their involvement in attacks against high-tech companies. While 14 individuals were initially arrested in the crackdown on REvil, only eight were brought to trial. Of those eight, four were found guilty of various charges, with sentences ranging from four and a half to six years.
REvil was known for conducting high-profile attacks against critical infrastructure organizations, such as the 2021 attack on JBS Foods, which resulted in an $11 million ransom payment. They also claimed responsibility for a disruptive attack on software company Kaseya in 2021, affecting 1,500 downstream customers.
Despite these arrests and convictions, experts in the cybersecurity field believe that the crackdown on REvil will not have a long-lasting impact on cybercriminal activity in Russia. Steve Stone, from SentinelOne, noted that the arrests made by the FSB in 2022 were rare and that it is difficult to determine the true motivations behind such actions in Russia. He emphasized that these actions are unlikely to significantly alter the cybercrime ecosystem in the country.
Chester Wisniewski, from Sophos, also expressed skepticism about the impact of the sentencing, highlighting that the arrests occurred before the invasion of Ukraine and questioning the reasons behind the arrests and sentencing. He pointed out that Russia operates on patronage and suggested that the REvil group may have lacked the necessary connections or violated certain unwritten rules.
In conclusion, while the sentencing of the four members of REvil is a positive step, it is unlikely to deter cybercriminals from continuing their activities in Russia. The complex dynamics of power, corruption, and patronage in the country make it difficult to predict significant changes in the cybercrime landscape.