The United States announced Tuesday that it is offering a reward of up to $10 million for any information leading to the arrest of the Russian citizen Mikhail Pavlovich Matveev, accused of perpetrating cyberattacks on hospitals, government agencies, schools, businesses, and security forces to steal sensitive data and demand ransom payments.
“From his base of operations in Russia, Matveev allegedly used multiple variants of ransomware (data ransomware) to attack critical infrastructure around the world, including hospitals, government agencies and victims from other sectors,” said Kenneth Polite, Assistant Attorney General for USA, in a statement from the Department of Justice. “These international crimes require a coordinated response. We will not stop imposing consequences on the most egregious actors in the cybercrime ecosystem.”
Matthew Miller, spokesman for the US State Department, added that “the impact of ransomware attacks is significant and far-reaching, with victims suffering the loss and disclosure of sensitive information and the disruption of critical services.” And he claimed that “Russia is a safe haven for cybercriminals, an environment in which ransomware actors are free to carry out malicious cyber operations against the United States and its partners and allies.”
In addition to the reward announcement, the Justice Department filed two accusations against Matveev – one in the District of Columbia and one in the District of New Jersey – for having conspired to damage protected computer equipment and demand ransom, for which he faces more than 20 years in prison if convicted.
The US Treasury also imposed Economic sanctions to Matveev, who block all his assets in the US and prohibit him from making financial transactions with US citizens. “Ransomware actors like Matveev will be held to account for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence.
A study by the Treasury Financial Crimes Enforcement Network (FinCEN) reported that 75% of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies or people acting on its behalf.
The indictments against Mikhail Pavlovich Matveev allege that he participated with the aliases Wazawaka, m1x, Boriselcin and Uhodiransomwar in conspiracies to deploy three data hijacking operations – identified as LockBit, Babuk and Hive – between January 2020 and June 2021 that affected about 3,000 victims worldwide and that they would have served to collect some USD 200 million in ransom payments.
According to the investigation, all three attacks were carried out in the same way: first, he identified and illegally accessed vulnerable computer systems, sometimes by hacking them or buying stolen access credentials from third parties; then it installed a malicious program that allowed it to encrypt and steal data; then sent a ransom note to those affected demanding payment to refrain from disclosing their data on a public website; and lastly, he negotiated the amount of money each victim was willing to pay.
“From Russia and hiding behind multiple aliases, Matveev has allegedly used these ransomware strains to hijack the data of numerous victims, including hospitals, schools, non-profit organizations and law enforcement agencies such as the Washington DC Metropolitan Police Department”, stated Philip R. Sellinger, United States Attorney for the District of New Jersey.
He added: “Thanks to the extraordinary investigative work of prosecutors in my office and our partners at the FBI, Matveev is no longer hiding in the shadows – we have publicly identified his criminal acts and charged him with multiple federal crimes. May today’s charges serve as a reminder to cybercriminals around the world: my office is dedicated to combating cybercrime and will spare no resources to bring to justice those who use ransomware attacks to target victims.”
The indictment obtained in the District of Columbia stated that Matveev led the Babuk attack on the Metropolitan Police Department in Washington DC on April 26, 2021 and threatened to release sensitive information to the public unless a payment was made. Then, according to the US authorities, Matveev admitted in a report by the private cybersecurity company Recorded Future in 2022 that he made the decision to disclose that police data on a leaking website because the ransom negotiations failed.
“Data theft and extortion attempts by ransomware groups are corrosive and cynical attacks against key institutions and the good people who stand behind them as they do their jobs and serve the public,” said Matthew M. Graves, US Attorney for the District of Columbia. “Whether these criminals target law enforcement, other public agencies, or private companies such as healthcare providers, We will use all the tools at our disposal to prosecute and punish these crimes. Thanks to the exceptional work of our partners here, we have identified and charged this culprit.”
Keep reading:
