The US government has charged a Russian national over his alleged role in ransomware attacks against US law enforcement and critical infrastructure.
US authorities accuse Mikhail Matveev, also known online as “Wazawaka” and “Boriselcin”, of being a “central figure” in developing and deploying the Hive, LockBit, and Babuk ransomware variants.
In 2021, Matveev claimed responsibility for a ransomware attack on the Metropolitan Police Department in Washington, D.C., This is reported by the US Department of Justice. In the cyberattack, the Babuk ransomware gang, which Matveev was reportedly a member of since early 2020, infiltrated police systems to steal police officers’ personal data, along with sensitive information about gangs, crime suspects, and witnesses.
According to prosecutors, Matveev and his co-conspirators also deployed LockBit ransomware against a law enforcement agency in New Jersey’s Passaic County in June 2020, and deployed Hive ransomware against a nonprofit behavioral health organization headquartered in nearby Mercer in May 2020 counties.
These three ransomware gangs are believed to have targeted thousands of victims across the United States. According to the Justice Department, the LockBit ransomware gang has carried out more than 1,400 attacks, demanded more than $100 million in ransoms, and received more than $75 million in ransoms. Babuk has carried out more than 65 attacks and received a ransom of $13 million, while Hive has attacked more than 1,500 victims around the world and received a whopping $120 million in ransom.
Matveev is also said to have ties to the Russian-backed Conti ransomware gang. The Russian national is believed to have responsibility claimed for the ransomware attack on the government of Costa Rica, in which Conti hackers demanded a $20 million ransom — along with the overthrow of the Costa Rican government.
This is reported by the US Treasury Department announced sanctions to the Russian national on Tuesday, Matveev has also been linked to other ransomware intrusions against numerous US companies, including a US airline. The Ministry of Finance added that Matveev has spoken out about his illegal activities and provided insight into his cybercrime in media interviews and revealing exploit code to online criminals. The sanctions make it illegal for US companies or individuals to transact with Matveev, a tactic often used to discourage Americans from paying a ransom.
“The United States will not tolerate ransomware attacks against our people and our institutions,” said Brian E. Nelson, the secretary of the treasury for terrorism and financial intelligence. “Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats.”
Matveev is charged with conspiracy to send a ransom, conspiracy to damage protected computers, and deliberately damaging protected computers. If convicted, he faces more than 20 years in prison. The Department has announced an award of up to $10 million for information leading to his arrest or conviction.
