The Russian government’s prosecution of the REvil suspects arrested in January has stalled due to a lack of U.S. cooperation, a lawyer for one of the suspects told a Russian media outlet Friday.
The claim comes after senior Russian government officials said publicly over the last two months that communication between the U.S. and Russian governments on cybersecurity matters was cut off in the wake of the Russian military attack on Ukraine, and that the U.S. government had not shared sufficient information to fully prosecute the defendants.
The Russian government arrested multiple REvil ransomware crew suspects Jan. 14 as part of what was described as a “joint operation” with U.S. officials. Russia’s Federal Security Service, the FSB, said it seized 426 million rubles, $600,000 and 500,000 euros, as well as “20 premium cars” as part of the operation.
The money seized from the hackers should be donated as “humanitarian aid” to people living in the Russian-occupied areas of eastern Ukraine and the hackers should be released to work for Russian security services, Igor Vagin, an attorney in the case, told Russian state news outlet Kommersant Friday.
“The unique experience of the former defendants would certainly be useful to the Russian special services in the fight against hackers from Ukraine that have become more active lately,” Vagin said.
Kommersant reported that Yevgeny Krylov, an attorney for one of the REvil suspects, asked Oleg Khramov, the deputy head of the Russian Security Council, for help in getting Russian prosecutors to drop the case. Security Council staff said the prosecutor’s office was part of the working group that had been coordinating with the U.S. government’s National Security Council on cybersecurity matters, and that Khramov would not interfere in their case, the news outlet reported.
A spokesperson for the National Security Council told CyberScoop in April that the working group had not met “since Russia’s brutal war on Ukraine,” and that the U.S. government remained “focused on deterring and disrupting malicious cyber activity.”
Russian prosecutors only have enough information to accuse the suspects of using stolen credit information from “two Mexicans living in the United States” to purchase goods from U.S. online stores, Kommersant reported. “Neither the victims themselves nor the data on the damage caused to them by the investigation … are present, and now it is unlikely to be able to find them,” the attorney said.
Oleg Shakirov, an unaffiliated Moscow cyber policy expert, told CyberScoop Friday that the lawyer’s claims “should not be overestimated: it’s clear that the approach they chose is to appeal to patriotic sentiments. But as of now it is merely the stated position of one of the defendants and does not indicate a broader change in Moscow towards this case.”
Shakirov added that Russian senior officials such as Khramov and Deputy Foreign Minister Oleg Syromolotov have said Russian-U.S. dialogue on cybersecurity was a good thing and cited the REvil arrests as a tangible result.
“But they said there was not enough information provided by the Americans to prosecute the group, meaning specific evidence on their crimes,” Shakirov said. “Although this might look like an excuse, it is not surprising that in such a case where attacks were not targeting Russian organizations, law enforcement agencies would need more information from their counterparts or from actual victims.”
He added that “despite all the speculations, the group members are still under arrest — their initial arrests were until March and were subsequently extended — which means that investigation continues.”
Russian Deputy Minister of Internal Affairs Sergei Lebedev told Russian news agency Interfax on April 6 that the Russian government had done a significant amount of work on the REvil prosecutions, which involve “thefts from citizens and U.S. entities,” according to a Google translation.
“However, foreign partners are in no hurry to provide the necessary information that would make it possible to bring the perpetrators to justice for committing other crimes and restore the rights of their own citizens violated by crimes,” he said.
U.S. officials and independent analysts have long argued that the Russian government could easily go after the myriad cybercrime perpetrators within its borders, but largely chooses not to do so.