On Saturday, a Moscow court jailed six more suspected members of the extortionist criminal group REvil for two months on charges of illegally transferring funds, a day after Russia said it had liquidated the group at the request of the United States.

REvil recruits affiliates distribute ransomware for them. Under this agreement, affiliates and ransomware developers share revenue generated from ransom payments

The court identified the six men as Mikhail Golovachuk, Ruslan Khansvyarov, Dmitry Korotaev, Alexei Malozemov, Artem Zatz and Daniil Puzyrevsky.

In a rare overt display of US-Russian cooperation at a time of high tension between the Ukraine, Russian authorities this week arrested and charged members of the REVil group

A police and FSB internal intelligence operation raided 25 addresses, detaining 14 people, the FSB said Friday, listing seized property, including $600,000 worth of computer equipment and 20 luxury cars.

The United States said in November it was offering a reward of up to $10 million for information leading to the identification or location of anyone holding a key position within the REvil group.

REvil (Ransomware Evil; also known as Sodinokibi) is a private Russian-based or Russian-speaking ransomware-as-a-service (RaaS) operation. After an attack, REvil threatened to post the information on their Happy Blog page unless the ransom was received.

In a high-profile case, REvil attacked a supplier to tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said it had dismantled REvil and charged several of its members.

On July 2, 2021, REvil ransomware was installed on the systems of hundreds of managed service providers using Kaseya desktop management software. REvil demanded $70 million to recover the encrypted data. As a result, the Swedish grocery chain Coop was forced to close 800 stores in a few days.