Andrii Kolpakov, who supervised hackers for FIN7, sentenced to 7 years in prison

It's the full amount of time that prosecutors requested.
(Marc Treble / Flickr)

A U.S. court on Thursday sentenced Andrii Kolpakov, a Ukrainian national, to seven years in prison for his role in the FIN7 gang.

Kolpakov, 33, functioned as a supervisor for a small team of hackers who between 2016 and 2018 breached victims including Chipotle, Red Robin, Arby’s and other U.S. corporations. Victims experienced “enormous” losses, according to the Justice Department, that by some estimates have exceeded $1 billion.

Kolpakov pleaded guilty in November 2020 and faced up to 25 years behind bars. Spanish police arrested him in 2018, ultimately extraditing him to the U.S.

“During the course of the scheme, [Kolpakov] received compensation for his participation in FIN7, which far exceeds comparable legitimate employment in Ukraine,” the plea deal noted. “For the purposes of this plea agreement, the parties agree that — during [Kolpakov’s] participation in the malware scheme — FIN7 illegal activity resulted in over $100 million in losses to financial institutions, merchant processors, insurance companies, retail companies and individual cardholders.”


FIN7 presented itself as a legitimate security vendor that specialized in penetration testing, a way of using offensive measures to improve firms’ digital defenses. In fact, the roughly 70 people involved with the collective worked as hackers, though it remains unclear if all of those involved in fact realized they were breaking U.S. law.

Recent court filings in the Kolpakov case help illustrate why the group was so successful. Members duped restaurant workers into downloading malicious email attachments by claiming to be sick customers threatening to sue, and infiltrated public companies by posing as U.S. government officials.

Kolpakov also was ordered to pay $2.5 million in restitution to FIN7 victims.

Another FIN7 member, Fedir Hladyr, who worked as a kind of technical guru for the hacking team, was sentenced in April to ten years in prison.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts