REvil Group Members Receive Prison Sentences of 4.5 to 6 Years

At the end of last week, the St. Petersburg Garrison Military Court announced the verdict for Artyom Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov, who are linked to the notorious hacker group REvil. A new criminal case has also been opened against four other alleged members, which has been separated into a different proceeding and sent to the Prosecutor General’s Office of the Russian Federation.

REvil’s activities ceased in January 2022 after the FSB announced the arrest of 14 people connected to the group and conducted searches at 25 addresses in Moscow, St. Petersburg, Leningrad, and Lipetsk regions. At the time, it was reported that the operation was initiated following a request from U.S. authorities.

As a result, the Tverskoy District Court in Moscow detained eight suspected members of the hacker group. All were charged with acquiring and possessing electronic means intended for the illegal transfer of funds, committed by an organized group (Part 2, Article 187 of the Russian Criminal Code).

However, investigators were only able to charge the eight suspects with two remote thefts of funds, both committed in the U.S. against unknown victims, at unknown locations, and for an unspecified amount. Media reported that there were no identified victims or damages in the criminal case.

In May 2022, it became known that U.S. authorities had refused further cooperation with Russia, and the suspects could only be charged with bank card fraud involving two Mexican nationals living in the U.S.

Last year, media outlets reported that the case against the hacker group had essentially reached a dead end. In the final version of the case, all defendants were charged with 24 counts of “manufacturing and selling counterfeit credit or payment cards” (Article 187 of the Russian Criminal Code), and the alleged group leader, St. Petersburg resident Daniil Puzyrevsky, was additionally charged under Article 273 for “creating or using computer programs to destroy or block computer information, as well as neutralizing means of its protection.”

This was based on the discovery of a program on the defendants’ laptops, which an expert appointed by the investigation deemed malicious.

In fact, the investigation established that the accused had not committed any crimes in Russia, and the U.S. State Department never provided the promised evidence of their possible involvement in financial fraud in the U.S.

According to one defense attorney, none of the “alleged REvil members” admitted to being part of the group or to the other crimes they were accused of. The attorney stated that the charge of illegal handling of payment means, including against his client, was based solely on “a set of 24 16-digit numbers” seized from a server in St. Petersburg.

The investigation concluded that these strings represented U.S. bank card numbers, which the accused allegedly obtained remotely and copied. However, according to the attorney, investigators could not identify the cardholders or even the issuing foreign banks.

According to the investigation, the victims of REvil were two U.S. citizens of Mexican descent—Otilia Pevez and Otilia Sisniega Pevez. The accused allegedly stole an unspecified amount of money from their bank cards and spent it on online shopping. However, authorities were unable to locate these women.

Regarding the charge of using malicious software, the defense considered it at least unfounded. According to the attorney, Article 273 of the Russian Criminal Code only provides for criminal liability for using ransomware for profit, not for simply storing such programs on a hard drive. “The investigation may have confused Article 273 with Article 222, which punishes the mere possession of weapons,” the attorney noted.

Ultimately, the alleged REvil members were only convicted of illegal use of bank cards and possession of a malicious program. The origin of the seized cash (426 million rubles, $600,000, and €500,000) could not be determined, and experts did not even attempt to assess the cryptocurrency found in their possession.

According to the publication “Kommersant,” last week the court found Zayets, Malozemov, Puzyrevsky, and Khansvyarov guilty of illegal handling of payment means (Part 2, Article 187 of the Russian Criminal Code). Puzyrevsky and Khansvyarov were also found guilty of using and distributing malicious software (Part 2, Article 273).

As a result, Zayets and Malozemov were sentenced to 4.5 and 5 years in a general regime penal colony, while Khansvyarov and Puzyrevsky received 5.5 and 6 years, respectively.

Since charges in the “REvil case” were brought against eight people, a new criminal case has been opened against the other four—Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotaev—under the article on illegal access to computer information (Article 272). According to the publication, this case has been separated and sent to the Prosecutor General’s Office for subsequent consolidation with other criminal cases. During the trial, it was revealed that most of the prosecution’s evidence was based on the testimony of a witness, Alexey Skorobogatov, who law enforcement also links to REvil.

According to “Kommersant,” the defense plans to appeal the verdict.