Russian Charged with Ransomware Attacks Against U.S. Totalling $200 Million
The United States indicted a Russian national for flaunting his cybercrime exploits online and forcing thousands of victims to pay ransom, believed to total as much as US$200 million.
Mikhail Pavlovich Matveev, whose online pseudonyms include Wazawaka, Boriselcin, and Uhodiransomwar, allegedly attacked American law enforcement agencies, hospitals, and schools, the District of New Jersey’s Attorney’s Office said o Tuesday.
The ransomware allegedly utilized by Matveev and his co-conspirators is known as LockBit, Babuk, and Hive. This software infiltrates vulnerable computer systems, stealing personal and often confidential information from users while simultaneously locking them out.
With the files now encrypted, the attackers send their victims a note demanding payment in exchange for the decryption keys. Failure to comply risks the permanent deletion of the hacked information or its online dissemination onto public forums.
According to the U.S. Department of Justice, the total ransom demands allegedly made by Matveev and his co-conspirators across thousands of hacks amount to around $400 million, with total received payments reaching up to $200 million.
"There is no such money anywhere as there is in ransomware," he unapologetically stated in past interviews.
Matveev is identified as a central figure in the creation and deployment of the Hive, LockBit, and Babuk ransomware programs, according to the U.S. Department of the Treasury. Together, these programs have been used in attacks stealing personal details of police officers, as well as classified intelligence on organized crime suspects and witnesses.
"From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors," said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department's Criminal Division. "We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem."
In addition to other alleged attacks on schools, hospitals, nonprofits, and financial centers, Matveev claimed responsibility for causing an almost week-long outage on a U.S. pipeline in 2021, leading to nationwide fuel shortages and price spikes.
"Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public," said U.S. Attorney Matthew M. Graves for the District of Columbia. "Whether these criminals target law enforcement, other government agencies, or private companies like healthcare providers, we will use every tool at our disposal to prosecute and punish such offenses."
Russia is a haven for ransomware actors, according to the Treasury, enabling cybercriminals like Matveev to carry out ransomware attacks against U.S. interests.
According to a report by the Financial Crimes Enforcement Network (FinCEN), 75 % of documented ransomware incidents between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf.
Matveev faces multiple charges of conspiracy to transmit ransom demands and damage protected computers. If convicted, he could face a sentence of over 20 years in prison.
As he remains at large, the U.S. Department of State announced a reward of up to $10 million for information leading to his arrest and extradition.
"We want the indictment, sanctions, and reward for Mikhail Matveev to sound an alarm in the ranks of cybercriminals all over the world," said James E. Dennehy, FBI-Newark special agent in charge.
"These malicious actors believe they can operate with impunity and don't fear getting caught because they sit in a country where they feel safe and protected," he added.
“That may be the case now, but the safe harbor may not exist forever. When we have an opportunity, we will do everything in our power to bring Matveev and his ilk to justice.”