A Russian national has been unmasked as a key player in the “development and deployment” of the Hive, LockBit and Babuk ransomware strains, according to two new indictments unsealed in the US.
Mikhail Pavlovich Matveev (aka Wazawaka/m1x/Boriselcin/Uhodiransomwar) was yesterday charged with conspiring to transmit ransom demands, conspiring to damage protected computers and intentionally damaging protected computers.
If convicted, he faces over 20 years behind bars. However, that’s not likely as the suspect is thought to reside in Russia. The State Department has issued a $10m reward for information that leads to the arrest and/or conviction of Matveev, under its Transnational Organized Crime Rewards Program.
The Department of Justice (DoJ) highlighted several alleged victims of Matveev, including a law enforcement agency and a non-profit behavioral healthcare organization in New Jersey, and the Washington DC Metropolitan Police Department.
The DoJ estimated the combined ransom haul for the three variants at $200m, adding that the affiliates behind them demanded twice that.
“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said assistant attorney general Kenneth Polite of the Justice Department’s Criminal Division.
“These international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”
In addition to the indictments, the US Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Matveev.
It claimed that he “has been vocal” about his ransomware activities, even providing media interviews and claiming his criminality will be tolerated by the Putin administration as long as he remains loyal to Russia.
“Russia is a safe haven for cybercriminals, an environment in which ransomware actors are free to conduct malicious cyber operations against the United States and our partners and allies,” added State Department spokesperson Matthew Miller.