Russian Man Charged with Ransomware Attacks Against Critical Infrastructure

By Clara Thompson, The Chicago Times

May 17, 2023

NEWARK – A Russian national and resident has been charged with using three different ransomware variants to attack numerous victims throughout the United States, including law enforcement agencies in Washington, D.C. and New Jersey.

According to an indictment unsealed by the Justice Department, it is alleged that from at least as early as 2020, Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, participated in conspiracies to deploy three ransomware variants.

These variants are known as LockBit, Babuk, and Hive, and ransom demands were transmitted in connection with each. It is alleged that the perpetrators behind each of these variants, including Matveev, used these types of ransomware to attack thousands of victims in the United States and worldwide. The Justice Department claims these victims include law enforcement and other government agencies, hospitals, and schools. It is further alleged that the total ransom demands amounted to as much as $400 million. It is estimated that total victim ransom payments amount to as much as $200 million.

“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division in a press release.

It is alleged that on or about June 25, 2020, Matveev and his LockBit co-conspirators deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey. Furthermore, on or about May 27, 2022, Matveev and his Hive co-conspirators allegedly deployed Hive against a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. It is also alleged that on April 26, 2021, Matveev and his Babuk co-conspirators deployed Babuk against the Metropolitan Police Department in Washington, D.C.

According to the Justice Department, the LockBit ransomware variant first appeared around January 2020. LockBit actors have executed over 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands and receiving over $75 million in ransom payments. The Babuk ransomware variant first appeared around December 2020, and Babuk actors have executed over 65 attacks against victims in the United States and around the world, issuing $49 million in ransom demands and receiving as much as $13 million in ransom payments. Since June 2021, the Hive ransomware group has targeted more than 1,400 victims worldwide and received as much as $120 million in ransom payments.

All three ransomware variants operated in the same manner. First, the ransomware actors would identify and unlawfully access vulnerable computer systems, sometimes through their own hacking and sometimes by purchasing stolen access credentials from others. Second, the actors would deploy the ransomware variant within the victim computer system, allowing the actors to encrypt and steal data thereon. Next, the actors would send a ransom note to the victim demanding a payment in exchange for decrypting the victim’s data or refraining from sharing it publicly. Finally, the ransomware actors would negotiate a ransom amount with each victim willing to pay. If a victim did not pay, ransomware actors would often post that victim’s data on a public website, often called a data leak site.

Matveev has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, Matveev could spend over 20 years in prison. 

The Department of State also announced an award of up to $10 million for information that leads to the arrest and/or conviction of this defendant. Information that may be eligible for this award can be submitted at tips.fbi.gov or RewardsForJustice.net.