Veeam, Microsoft and WordPress: REvil ransomware members freed by Russia after conviction

REvil Members Released After Russian Court Credits Time Served; New Phishing Threats Emerge

A Russian court has released four convicted REvil ransomware operators—Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev—after ruling their sentences equivalent to time already served. The group had pleaded guilty to cyber intrusions targeting U.S. entities, with their arrests in 2022 initially supported by U.S. intelligence. However, cooperation between the two nations collapsed following Russia’s invasion of Ukraine. Another suspected REvil member, Yevgeniy Polyanin, remains at large, facing U.S. indictment for his alleged role in over 3,000 cyberattacks.

In separate developments, cybercriminals are targeting WordPress administrators with fraudulent domain renewal emails, aiming to steal credit card data and two-factor authentication codes. Meanwhile, Microsoft has overtaken Facebook as the most impersonated brand in phishing attacks during Q4 2025, according to Cybernews. Additionally, attackers are increasingly targeting Veeam backup systems to hinder ransomware recovery efforts, while Veeam has patched three remote code execution (RCE) vulnerabilities, including one critical flaw.

Source: https://www.scworld.com/brief/revil-ransomware-members-freed-by-russia-after-conviction

Veeam Software cybersecurity rating report: https://www.rankiteo.com/company/veeam-software

Microsoft cybersecurity rating report: https://www.rankiteo.com/company/Microsoft

WordPress cybersecurity rating report: https://www.rankiteo.com/company/wordpress

"id": "VEEMICWOR1767852426",
"linkid": "veeam-software, Microsoft, wordpress",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'web hosting/management',
                        'name': 'WordPress administrators',
                        'type': 'organization'},
                       {'industry': 'technology',
                        'location': 'global',
                        'name': 'Microsoft',
                        'size': 'large',
                        'type': 'corporation'},
                       {'industry': 'data backup/IT',
                        'name': 'Veeam customers',
                        'type': 'organization'}],
 'attack_vector': ['phishing emails', 'exploited vulnerabilities'],
 'data_breach': {'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['credit card data',
                                              'two-factor authentication codes',
                                              'user credentials']},
 'description': 'Four REvil hackers were convicted by a Russian court but '
                'released after their sentence was deemed equivalent to time '
                'served. U.S. intelligence supported the apprehension, but '
                "cooperation ended due to Russia's invasion of Ukraine. "
                'Another REvil member, Yevgeniy Polyanin, remains at large. '
                'Additionally, WordPress administrators were targeted with '
                'fraudulent domain renewal emails to compromise credit card '
                'data and 2FA codes. Microsoft became the most spoofed brand '
                'in phishing attacks in Q4 2025.',
 'impact': {'brand_reputation_impact': ['Microsoft brand impersonation'],
            'data_compromised': ['credit card data',
                                 'two-factor authentication codes',
                                 'user credentials'],
            'identity_theft_risk': 'high',
            'payment_information_risk': 'high',
            'systems_affected': ['WordPress sites', 'backup systems (Veeam)']},
 'investigation_status': 'ongoing (for Yevgeniy Polyanin)',
 'motivation': ['financial gain', 'data theft'],
 'ransomware': {'data_encryption': 'yes',
                'data_exfiltration': 'yes',
                'ransomware_strain': 'REvil'},
 'references': [{'source': 'Cyber Security News'},
                {'source': 'TASS'},
                {'source': 'Cybernews'},
                {'source': 'SC Media'}],
 'regulatory_compliance': {'legal_actions': ['indictment of Yevgeniy Polyanin '
                                             'by U.S. authorities']},
 'response': {'law_enforcement_notified': 'U.S. authorities involved in REvil '
                                          'case'},
 'threat_actor': ['REvil', 'unknown phishing actors'],
 'title': 'REvil Ransomware Members Convicted and Released; New Phishing '
          'Campaigns Targeting WordPress and Microsoft',
 'type': ['ransomware', 'phishing']}