U.S. Charges Russian In Ransomware Scheme Worth Up To $200 Million
The U.S. Department of Justice (DOJ) has indicted a Russian man for his alleged participation in several ransomware schemes.
According to a press release from the Justice Department, the individual, identified as Russian national Mikhail Pavlovich Matveev, has carried out cyberattacks on victims across the United States, including on law enforcement agencies and companies in several important sectors.
Matveev, who is also known under the aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar, participated in conspiracies to deploy three ransomware variants: LockBit, Babuk, and Hive, the DOJ said.
The total ransom received from victims in the attacks is estimated to be up to $200 million, or about half of the estimated $400 million originally demanded by Matveev.
The press release did not saw which cryptocurrencies were demanded as ransom in the attacks.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department's Criminal Division stated, "From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors."
He further emphasized the need for a coordinated response to combat such cybercrimes.
The indictments outlined several specific incidents, including attacks on a law enforcement agency in New Jersey, a non-profit healthcare organization, and the Metropolitan Police Department in Washington, D.C.
In each case, the ransomware was deployed to encrypt victim data, and ransom demands were made. Failure to comply often led to the public exposure of sensitive information on data leak sites.
Matveev faces charges of conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers.
The investigation into Matveev's activities involved the cooperation of numerous agencies, both domestic and international, including the FBI, local law enforcement, and cybercrime units from multiple countries.
If convicted, he could face over 20 years in prison.