Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment.
REvil ransomware (aka Sodin and Sodinokibi) was launched in April 2019 as a direct successor of the GandCrab operation.
In less than a year, the gang became the most prolific ransomware group, asking for some of the highest ransom payments at the time and earning over $100 million in a year.
However, in July 2021, when Revil hit over 1,5000 businesses worldwide in a Kaseya supply chain attack, things took a turn for the worse for the ransomware gang.
In response to the attack, President Biden asked President Putin to take action against cybercriminals residing in Russia; otherwise, the U.S. would take action on its own.
Feeling the pressure from international law enforcement, the REvil operation took a break and then resumed operations two months later. However, they did not know that US law enforcement and international partners had breached their servers before the breach. When the cybercriminals restored from backups, the criminals also restored machines controlled by law enforcement.