US Sanctions Russian Accused of Being a ‘Central Figure’ in Major Ransomware Attacks
A Russian individual has been charged by the U.S. government for his suspected involvement in ransomware attacks against crucial infrastructure and law enforcement agencies in the United States. Mikhail Matveev, who goes by the online aliases “Wazawaka” and “Boriselcin,” has been identified by U.S. authorities as a significant figure in the creation and distribution of various ransomware strains, including Hive, LockBit, and Babuk.
According to the U.S. Justice Department, Matveev reportedly admitted his involvement in a ransomware attack on the Metropolitan Police Department in Washington, D.C. in 2021. The attack, carried out by the alleged Babuk ransomware group, of which Matveev was purportedly a member since early 2020, involved breaching the police department’s systems to illicitly obtain the personal information of police officers, as well as sensitive data pertaining to criminal suspects, gangs, and witnesses.
According to prosecutors, Matveev and his accomplices allegedly utilized LockBit ransomware to target a law enforcement agency located in Passaic County, New Jersey, in June 2020. Additionally, in May 2020, they allegedly deployed Hive ransomware against a nonprofit behavioral healthcare organization based in Mercer County, which is situated nearby. The three ransomware groups mentioned are suspected to have directed their attacks towards numerous victims within the United States.
According to the Justice Department, the LockBit ransomware gang alone has been responsible for more than 1,400 attacks, issuing ransom demands surpassing $100 million and receiving payments exceeding $75 million. Babuk, on the other hand, has conducted over 65 attacks and received ransom payments amounting to $13 million. Meanwhile, Hive has targeted over 1,500 victims globally and has obtained ransom payments reaching up to $120 million.
There are indications that Matveev is associated with the Conti ransomware group, which has backing from Russia. It is believed that the Russian national took responsibility for the ransomware attack on the Costa Rican government, during which the Conti hackers demanded a ransom payment of $20 million and expressed the desire to overthrow the Costa Rican government. The U.S. Treasury, which recently imposed sanctions on Matveev, has stated that he is also connected to various other ransomware attacks targeting multiple U.S. businesses, including an American airline.
The Treasury further revealed that Matveev has openly discussed his illicit activities, providing insights into his cybercrimes through media interviews and sharing exploit code with online criminals. These sanctions have made it illegal for U.S. individuals or businesses to engage in transactions with Matveev, a measure often employed to discourage Americans from complying with ransom demands.
“The United States will not tolerate ransomware attacks against our people and our institutions,” said Brian E. Nelson, the Treasury under secretary for terrorism and financial intelligence. “Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats.”
Matveev is facing charges for alleged involvement in conspiring to transmit ransom demands, conspiring to cause damage to protected computers, and intentionally damaging protected computers. If found guilty, he could potentially be sentenced to more than 20 years in prison. The Department has recently declared a reward of up to $10 million for any information that leads to Matveev’s arrest or conviction.