U.S. Charges Russian National with Conspiracy to Deploy Ransomware


A Russian national has been charged with ransomware attacks on U.S. critical infrastructure, including law enforcement agencies in Washington, D.C. and New Jersey, and healthcare, schools and other victims worldwide.

According to the unsealed indictment obtained in the District of New Jersey, Mikhail Pavlovich Matveev (AKA Wazawaka, m1x, Boriselcin, and Uhodiransomwar) engaged in activities to spread the ransomware variants LockBit, Babuk and Hive beginning as recently as 2020. Matveev is alleged to have made ransom demands with each of the attacks, the U.S. Justice Department said.

LockBit, Babuk, Hive Ransomware Linked to Cyberattacks

According to the Justice Department, LockBit, which first appeared around January 2020, is thought to be behind some 1,400 attacks in the U.S. and worldwide, demanding in excess of $100 million in ransom and receiving upwards of $75 million.

The Babuk ransomware surfaced about a year later and has been used in more than 65 attacks in the U.S. and worldwide, demanding $50 million in ransom and reaping for its extortionists roughly $13 million in payments. Additionally, Hive has targeted more than 1,400 victims globally and received as much as $120 million in ransom payments.

Total ransom demands allegedly made by the members of these three global ransomware campaigns to their victims amount to as much as $400 million. Meanwhile, the total victim ransom payments amount to as much as $200 million, authorities said. The perpetrators, including Matveev, allegedly deployed the three ransomware families to attack thousands of victims worldwide.

Matveev Faces 20 Years-Plus in Prison

Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces more than 20 years in prison. The State Department has dangled a reward of up to $10 million for Matveev’s capture.

U.S. Assistant Attorney General Kenneth Polite, Jr. claimed Matveev launched attacks from his “home base” in Russia:

“These international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”

Matveev and his alleged LockBit co-conspirators are charged with:

  • Deploying LockBit ransomware against a law enforcement agency in Passaic County, New Jersey on or about June 25, 2020.
  • On or about May 27, 2022, deploying the malware against a nonprofit behavioral healthcare system based in Mercer County, New Jersey.
  • On April 26, 2021, deploying Babuk against the Metropolitan Police Department in Washington, D.C.

In the Washington, D.C. extortion case, the Matveev crew allegedly threatened to publicly disclose sensitive information if their ransom demands were not met.

Matthew Graves, U.S. Attorney for the District of Columbia, asserted that law enforcement will use “every tool” at its disposal to apprehend and bring to trial ransomware extortionists:

“Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public. Whether these criminals target law enforcement, other government agencies, or private companies like health care providers, we will use every tool at our disposal to prosecute and punish such offenses. Thanks to exceptional work by our partners here, we identified and charged this culprit.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.