REvil Gang Members Sentenced
Read also: Global joint operation takes down RedLine and Meta malware infrastructure, a former Disney employee charged for hacking menus, and more.
Four REvil ransomware members get more than 4 years in prison
A Russian military court has sentenced four individuals linked to the infamous REvil/Sodinokibi ransomware group to multiple years in prison.
Artem Zayets, Alexey Malozemov, Daniil Puzirevsky, and Ruslan Khansvyarov were convicted on various charges, including illegal handling of payment means, hacking, and money laundering.
Zayets and Malozemov received sentences of 4.5 and 5 years, respectively, in a general-regime penal colony. Puzirevsky and Khansvyarov, facing additional charges related to the use and distribution of malware, were sentenced to 5.5 and 6 years, respectively.
All four men were part of an initial group of 14 arrested by Russian authorities in early 2022, following tips and intelligence from US law enforcement. During the raids, authorities seized approximately 426 million rubles ($4.38 million), $600,000 in cash, €500,000 (about $544,000), cryptocurrency wallets, computers, and nearly two dozen luxury vehicles.
RedLine and Meta malware disrupted, an alleged RedLine developer charged in the US
An international joint action dubbed ‘Operation Magnus’ involving police agencies from the Netherlands, the US, the UK, Belgium, Portugal, and Australia, with the support of Europol and Eurojust, disrupted the infrastructure of the RedLine and Meta malware families.
The Dutch police reported it gained “full access” to servers supporting RedLine and Meta. In the Netherlands alone, three servers were dismantled, while two domains linked to the info-stealers were seized. Two suspects involved in the malware’s operations were apprehended in Belgium.
Investigators uncovered 1,200 servers across multiple countries linked to the RedLine and Meta malware infrastructure. The authorities also recovered a database containing information on RedLine and Meta’s clientele.
Separately, US prosecutors charged Maxim Rudometov, a suspected creator and administrator of RedLine. Rudometov allegedly maintained RedLine’s infrastructure and used cryptocurrency accounts to receive and conceal payments obtained from the malware’s deployment. He faces multiple charges, including access device fraud, hacking, and money laundering, and could be sentenced to up to 35 years in prison if convicted.
A former Disney employee arrested for hacking menus, allegedly posing health risks to diners
A former Disney employee has been arrested and charged after allegedly hacking into the company’s systems to alter restaurant menus in ways that could have endangered customers. Michael Scheuer, a former Disney menu production manager, is accused of breaking into Disney’s systems on multiple occasions after his termination in June. According to the complaint, Scheuer carried out the intrusions using credentials that his former employer had not yet revoked.
In early July, just weeks after his dismissal for unspecified “misconduct,” Scheuer allegedly accessed the system Disney used to create menus and made changes that rendered the menus unusable, forcing the entire system to be taken offline.
Scheuer is also accused of redirecting QR codes on the menus to an external site promoting a boycott of Israel over its actions in Gaza. More seriously, he allegedly altered allergen warnings on the menus, removing critical information and mislabeling food items in ways that could have caused severe allergic reactions in unsuspecting diners.
Furthermore, Scheuer launched several denial-of-service attacks against Disney employees, specifically targeting individuals he had worked with, according to the complaint. Prosecutors allege Scheuer developed a script designed to flood Disney’s login systems with incorrect login attempts, locking the targets out of their accounts. Scheuer is currently in jail awaiting a bond hearing, for which no date has been set.
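The lockout attack described in the complaint has a recognisable shape in authentication logs: one source address generating a burst of failed logins spread across several distinct accounts, which is different from a single-account brute-force attempt and from a user mistyping their own password. The following detector is an added example written for this page, not code from the complaint or from Disney; the log format, the sample events and the thresholds (5-minute window, 10 failures, 3 distinct users) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample authentication events (invented for this example, not from
# the complaint). One line per attempt: timestamp, result, user, source address.
SAMPLE_LOG = """\
2024-07-02T03:00:00Z FAIL user=bob src=203.0.113.7 reason=bad_password
2024-07-02T03:00:01Z FAIL user=carol src=203.0.113.7 reason=bad_password
2024-07-02T03:00:01Z FAIL user=dave src=203.0.113.7 reason=bad_password
2024-07-02T03:00:02Z FAIL user=erin src=203.0.113.7 reason=bad_password
2024-07-02T03:00:03Z FAIL user=bob src=203.0.113.7 reason=bad_password
2024-07-02T03:00:03Z FAIL user=carol src=203.0.113.7 reason=bad_password
2024-07-02T03:00:04Z FAIL user=dave src=203.0.113.7 reason=bad_password
2024-07-02T03:00:04Z FAIL user=erin src=203.0.113.7 reason=bad_password
2024-07-02T03:00:05Z FAIL user=bob src=203.0.113.7 reason=bad_password
2024-07-02T03:00:06Z FAIL user=carol src=203.0.113.7 reason=bad_password
2024-07-02T03:00:06Z FAIL user=dave src=203.0.113.7 reason=bad_password
2024-07-02T03:00:07Z FAIL user=erin src=203.0.113.7 reason=bad_password
2024-07-02T03:01:10Z FAIL user=frank src=198.51.100.5 reason=bad_password
2024-07-02T03:01:15Z FAIL user=frank src=198.51.100.5 reason=bad_password
2024-07-02T03:01:22Z OK user=frank src=198.51.100.5
2024-07-02T03:02:00Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:01Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:02Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:03Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:04Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:05Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:06Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:07Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:08Z FAIL user=grace src=192.0.2.9 reason=bad_password
2024-07-02T03:02:09Z FAIL user=grace src=192.0.2.9 reason=bad_password
"""

# Assumed log layout; adapt the pattern to the real authentication source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)"
)


def parse_events(log_text):
    """Yield (timestamp, result, user, src) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        yield ts, m["result"], m["user"], m["src"]


def detect_lockout_spray(
    log_text, window=timedelta(minutes=5), min_failures=10, min_users=3
):
    """Flag sources whose failed logins inside `window` hit many distinct accounts.

    Returns {src: {"failures": n, "users": [...], "first": ts, "last": ts}}
    for every offending source, reporting the densest qualifying window.
    The distinct-user threshold is what separates a lockout spray (many
    accounts, wrong passwords) from a brute force against one account.
    """
    failures_by_src = defaultdict(list)
    for ts, result, user, src in parse_events(log_text):
        if result == "FAIL":
            failures_by_src[src].append((ts, user))

    findings = {}
    for src, events in failures_by_src.items():
        events.sort()
        start = 0
        best = None
        for end in range(len(events)):
            # Slide the window start forward until events[start..end] fit in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start : end + 1]
            users = {u for _, u in span}
            if len(span) >= min_failures and len(users) >= min_users:
                if best is None or len(span) > best["failures"]:
                    best = {
                        "failures": len(span),
                        "users": sorted(users),
                        "first": span[0][0],
                        "last": span[-1][0],
                    }
        if best is not None:
            findings[src] = best
    return findings


if __name__ == "__main__":
    for src, info in detect_lockout_spray(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failures against {info['users']}")
```

On the sample data only 203.0.113.7 is flagged: 198.51.100.5 is a user who mistyped twice and then succeeded, and 192.0.2.9 hammers a single account, which deserves its own brute-force alert but is not the lockout pattern. Lowering `min_users` to 1 turns the function into a plain failed-login-burst detector and picks up 192.0.2.9 as well. On the prevention side, the same grouping by source is the basis for throttling or CAPTCHA-gating the source instead of locking the victim accounts, which is what makes this attack work in the first place; the other lesson from the complaint, prompt revocation of a departing employee's credentials, needs no code.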
A massive €300 million online scam dismantled
A joint law enforcement action has taken down a large-scale online investment fraud scheme that defrauded victims of at least €300 million. The perpetrators allegedly operated fake investment platforms that deceived investors across multiple countries, promising high returns on minimal investments.
Following a request from German authorities, a suspect was apprehended in Cyprus in connection with the scam. The coordinated raid also included searches of 22 locations across Cyprus and Serbia, resulting in the seizure of crucial evidence, including computers, hard drives, mobile devices, and various forms of digital data.
The investigation was launched in June 2020 following numerous complaints from duped investors. Victims reported that they were lured into investing through professional-looking websites that promised high returns with minimal financial commitment. In reality, victims recovered only 3% of their initial investment—if they received any return at all. Additionally, the fraudsters used the websites to gain access to victims' personal and banking information.
So far, around 120 German investors have been identified as victims, losing nearly €12 million collectively. However, German authorities suspect the fraud is much larger, estimating a total financial impact of at least €300 million worldwide, with some assessments projecting losses that could reach €500 million.
Japanese court convicts a man for creating ransomware with generative AI
The Tokyo District Court has convicted a 25-year-old man, Ryuki Hayashi, for creating malicious software using generative conversational artificial intelligence (AI). Hayashi has been sentenced to three years in prison, with the sentence suspended for four years, after he was found guilty of producing ransomware-like code.
This marks the first known instance of a person facing criminal action for using generative AI to create malware.
The incident occurred in March 2023 when Hayashi, working from his home in Kawasaki, allegedly used generative AI tools to obtain illicit program source code and assemble it into code designed to function as ransomware.
In addition to creating the ransomware, Hayashi was accused of obtaining multiple SIM cards registered under other people’s names. Authorities believe he intended to use these SIM cards in furthering his activities, possibly for concealing his identity in cyber operations.