Three of the men formed the actual criminal group, and the fourth - a Moscow-based malware developer - was "subcontracted" by them and received 100,000 rubles (some $3200) to develop a a custom ATM virus with which they would infect the devices.
Every man had his role in the operation: one who used to work as a head of an IT department obtained access to the ATMs, the second one - a system administrator - infected them, and the third one was supposedly intended to be the money mule.
According to the press release (Google translation) issued by the Ministry of Internal Affairs' cybercrime division, a coordinated raid of the three's apartments led to their arrest and the confiscation of copies of the malware and credit card information that - according to the investigators - they didn't have time to take advantage of.
The malware author was arrested in Moscow a week after. All four have been detained and will likely be charged for creation, use and distribution of malicious computer programs, and hopefully fraud.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.