17 May 2023

US govt charges alleged Russian hacker with attacks on critical infrastructure, police departments


The US Department of Justice has announced charges against Mikhail Pavlovich Matveev, a Russian national and resident believed to be involved with the infamous Hive, LockBit and Babuk ransomware gangs.

Matveev, also known in the infosec community as Wazawaka, m1x, Boriselcin, or Uhodiransomwar, is accused of using three ransomware strains - LockBit, Babuk, and Hive - in attacks targeting critical infrastructure and government agencies in the US, including police departments, hospitals and schools.

Matveev and other members of the LockBit, Babuk, and Hive ransomware gangs have attacked at least 2,800 victims globally, and demanded payments of around $400 million. Total victim ransom payments amount to as much as $200 million, the DoJ said.

According to court documents, Matveev has been linked to attacks on a law enforcement agency in New Jersey and the Metropolitan Police Department in Washington, D.C., in 2020 and 2021, respectively.

The LockBit ransomware operation first appeared around January 2020. LockBit actors have executed over 1,400 attacks against victims worldwide, issuing over $100 million in ransom demands and receiving over $75 million in ransom payments.

The Babuk ransomware variant first appeared around December 2020. Babuk actors executed over 65 attacks against victims in the United States and around the world, issuing over $49 million in ransom demands and receiving as much as $13 million in ransom payments. In September 2021, a ransomware developer published full source code for the Babuk ransomware on a hacker forum.

Since June 2021, the Hive ransomware group has targeted more than 1,400 victims around the world and received as much as $120 million in ransom payments. In January 2023, the US and international law enforcement authorities seized the Hive ransomware operation's Tor payment and data leak sites. The FBI revealed it infiltrated Hive’s computer networks in July 2022 and obtained over 300 decryption keys that allowed victims to recover encrypted files, preventing $130 million in ransom payments.

Matveev has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. He faces more than 20 years in prison if convicted.

In addition, the US State Department has offered a reward of up to $10 million for information that leads to Matveev’s capture or conviction.

