Four members of the infamous REvil ransomware gang have been released from custody in Russia after pleading guilty and being sentenced to time served.

The individuals—Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev—were arrested in January 2022 and later admitted involvement in carding and malware distribution activities.

According to Russian state media TASS, the group operated between October 2015 and January 2022, playing a role in REvil’s financially motivated cybercrimes. Although each was sentenced to five years in prison, a Russian court ruled that their pre-trial detention at a SIZO facility fulfilled their sentence, leading to their release.

The four were among eight REvil members arrested during a major crackdown by Russia’s Federal Security Service (FSB) in early 2022. The remaining defendants—Artem Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov—chose not to plead guilty and received prison sentences ranging from 4.5 to 6 years, with some convicted of additional malware distribution charges.

REvil, also known as Sodinokibi, rose to prominence in 2019 as a successor to GandCrab. It quickly became one of the most dangerous ransomware-as-a-service (RaaS) operations, amassing over $100 million in ransom payments. The group made international headlines in July 2021 following the Kaseya supply chain attack, which impacted more than 1,500 businesses globally. That attack prompted U.S. President Joe Biden to pressure Russia to crack down on homegrown cybercriminals.

Subsequent law enforcement actions targeted REvil affiliates across multiple countries. Notably, Ukrainian national Yaroslav Vasinskyi, the mastermind behind the Kaseya attack, was arrested in 2021 and sentenced to 13 years in prison in the U.S. in 2024. Authorities also seized over $6 million from another REvil partner, Yevgeniy Polyanin, and arrested two other affiliates in Romania.

Following mounting global pressure, REvil briefly went offline—only to unknowingly restore law enforcement-controlled servers during a failed comeback. That misstep led to the FSB’s large-scale takedown in January 2022, which Russian authorities described as the end of REvil’s operations.


However, the Russia–U.S. cybercrime collaboration fell apart shortly after Moscow invaded Ukraine. In April 2022, Russia declared that Washington had cut off communication channels regarding cybersecurity cooperation, including negotiations around REvil-related investigations.
