US govt charges alleged Russian hacker with attacks on critical infrastructure, police departments

The US Department of Justice has announced charges against Mikhail Pavlovich Matveev, a Russian national and resident believed to be involved with the infamous Hive, LockBit and Babuk ransomware gangs.

Matveev, also known in the infosec community as Wazawaka, m1x, Boriselcin, or Uhodiransomwar, is accused of using three ransomware strains - LockBit, Babuk, and Hive - in attacks targeting critical infrastructure and government agencies in the US, including police departments, hospitals and schools.

Matveev and other members of the LockBit, Babuk, and Hive ransomware gangs have attacked at least 2,800 victims globally, and demanded payments of around $400 million. Total victim ransom payments amount to as much as $200 million, the DoJ said.

According to court documents, Matveev has been linked to attacks on a law enforcement agency in New Jersey and the Metropolitan Police Department in Washington, D.C., in 2020 and 2021, respectively.

The LockBit ransomware operation first appeared around January 2020. LockBit actors have executed over 1,400 attacks against victims worldwide, issuing over $100 million in ransom demands and receiving over $75 million in ransom payments.

The Babuk ransomware variant first appeared around December 2020. Babuk actors executed over 65 attacks against victims in the United States and around the world, issuing over $49 million in ransom demands and receiving as much as $13 million in ransom payments. In September 2021, a ransomware developer published full source code for the Babuk ransomware on a hacker forum.

Since June 2021, the Hive ransomware group has targeted more than 1,400 victims around the world and received as much as $120 million in ransom payments. In January 2023, the US and international law enforcement authorities seized the Hive ransomware operation's Tor payment and data leak sites. The FBI revealed it infiltrated Hive’s computer networks in July 2022 and obtained over 300 decryption keys that allowed victims to recover encrypted files, preventing $130 million in ransom payments.

Matveev has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. He faces more than 20 years in prison if convicted.

In addition, the US State Department has offered a reward of up to $10 million for information that leads to Matveev’s capture or conviction.
