Russia’s interior ministry could not identify victims or the amount of damage in the REvil hackers case

The Investigative Department of the Russian Interior Ministry has completed the investigation into the case of the international hacking group REvil. The defendants were charged with only two remote thefts of funds from unidentified individuals for an unknown amount, according to Kommersant.

In the final version, all suspects were charged in 24 counts of “manufacture and sale of counterfeit or forged credit or debit cards.” The group’s alleged leader, Daniil Puzyrevsky, was additionally charged with “creating or using computer programs to destroy or block computer information, and to neutralize its protection measures.” One of the programs installed on the seized laptops was deemed malicious by the examination.

According to lawyer Viktor Smilyants, the charge of illegal turnover of payment instruments rests solely on “a set of 16-digit numbers” seized from a server in St. Petersburg.

“The investigation believes that these lines reflect the numbers of bank cards of U.S. citizens, which the defendants remotely obtained by making copies. However, it has failed to identify the cardholders and even the names of the foreign banks that issued them. In the criminal case, accordingly, there are no victims and the damage inflicted is not indicated,” the defense lawyer explained.

The alleged victims, according to the investigation, were two U.S. citizens of Mexican origin — identified as Otilia Pevez and Otilia Sisniega Pevez. From their cards the defendants presumably stole a sum of money, which they spent in online stores. However, the women could not be located.

The origin of the cash seized from the defendants in the amount of 426 million rubles, $600,000 and €500,000 is not established, and experts did not even attempt to value the cryptocurrency allegedly belonging to the hackers.

In addition, investigators established that the defendants did not commit any crimes in Russia, and the promised evidence of their possible involvement in financial fraud in the United States was never presented by authorities there.

According to a source close to the investigation, if the defendants had any connection to the international hacking group REvil, they could have been only among purchasers of its software developed for it.

As noted, experts consider REvil, also known as Sodinokibi, one of the world’s largest hacking groups. It is linked to several major hacks — the attackers distributed ransomware and demanded ransom in cryptocurrency.

In January 2022, the FSB reported the “liquidation” of the REvil group and the detention of its alleged members on the basis of a request from U.S. authorities. Nevertheless, throughout the year the hackers continued their activities in the dark web and even reported three new cyberattacks carried out by community partners using the software provided to them.