A Russian man named Mikhail Pavlovich Matveev has been charged by US authorities for his alleged involvement in multiple ransomware schemes that earned him and other attackers nearly $200 million, much of which came through cryptocurrencies. These ransomware attacks targeted hospitals, schools, and police departments, among others.
Matveev was reportedly part of three different ransomware gangs, namely Lockbit, Babuk, and Hive. Together, these groups obtained almost $200 million from their victims by demanding payments exceeding $400 million, according to the Department of Justice. Matveev used multiple aliases online, including “Wazawaka,” “m1x,” “Boriselcin,” and “Uhodiransomwa.”
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division stated that “these international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”
Matveev was allegedly involved in several attacks, including deploying Babuk ransomware against the Metropolitan Police Department in Washington, D.C., in April 2021 and Hive ransomware against a New Jersey nonprofit behavioral healthcare organization in May 2022. In both cases, he and his co-conspirators threatened to publish stolen data if the ransom was not paid, the double-extortion model in which files are exfiltrated before they are encrypted, so that restoring from backups does not end the attackers' leverage. The Babuk ransomware group has conducted at least 65 attacks worldwide since December 2020, demanding $49 million in payments and receiving at least $13 million.
Bloomberg noted that cybersecurity journalist Brian Krebs had reported in January 2022 that Matveev claimed affiliation with the Darkside ransomware group. Darkside was responsible for the May 2021 ransomware attack on Colonial Pipeline; the company paid roughly 75 BTC (about $4.4 million at the time), of which the Justice Department later seized 63.7 BTC after obtaining the private key for the wallet holding the funds.
Bitcoin has been the standard ransom currency since at least CryptoLocker in 2013. Unlike a bank transfer, a Bitcoin payment requires no account tied to a verified identity, cannot be charged back, and cannot be frozen or reclaimed by a bank or government once confirmed. It is pseudonymous rather than anonymous, however: every payment is recorded on a public ledger, so a ransom address can be followed forward hop by hop until the funds reach an exchange, at which point the exchange's customer records, not the chain, identify the recipient. That traceability is what lets analytics firms measure ransomware revenue and what enabled the Colonial Pipeline seizure.
Chainalysis reported that ransomware revenue fell substantially in 2022 to $456.8 million, from $765.6 million in 2021. Analysts attributed the drop to fewer victims paying rather than to fewer attacks, partly because the US Treasury's Office of Foreign Assets Control has warned that paying a ransom to a sanctioned actor can itself violate sanctions, which has made payments legally riskier for victims and for the insurers and negotiators handling them.
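The ledger property described above is what makes ransom flows measurable and sanctions exposure checkable. The following is an added example in Python, not code from the article, from Chainalysis or from any law-enforcement tool: it walks a constructed, fictional set of transactions forward from a ransom address and reports where the funds land. Every address name, label, transaction ID and amount below is made up, and the model is deliberately simplified (one address per output, no fees, full attribution of each output to the traced flow).

```python
"""Trace ransom funds forward through a constructed transaction graph.

Added example, not from the article: the ledger, addresses, labels and
amounts are fictional and simplified (one "address" per output, no fees,
no scripts). Real tracing adds clustering heuristics and proportional taint.
"""
from collections import deque

# Constructed sample ledger: each tx spends from its input addresses and
# pays the listed output addresses (amounts in BTC).
TXS = [
    {"txid": "t1", "inputs": ["victim_wallet"], "outputs": {"ransom_addr": 5.0}},
    {"txid": "t2", "inputs": ["ransom_addr"], "outputs": {"hop_a": 3.0, "hop_b": 2.0}},
    {"txid": "t3", "inputs": ["hop_a"], "outputs": {"exchange_deposit_1": 2.9, "hop_a_change": 0.1}},
    {"txid": "t4", "inputs": ["hop_b"], "outputs": {"mixer_in": 2.0}},
    # Unrelated deposit to the same exchange address: must not be counted as ransom proceeds.
    {"txid": "t5", "inputs": ["unrelated"], "outputs": {"exchange_deposit_1": 1.0}},
]

# Constructed attribution data: address -> (kind, entity). In practice this
# comes from an analytics vendor's labels or a sanctions list such as OFAC's SDN list.
LABELS = {
    "exchange_deposit_1": ("exchange", "ExampleExchange"),
    "mixer_in": ("sanctioned", "ExampleMixer"),
}


def index_spends(txs):
    """Map each address to the transactions that spend from it."""
    spends = {}
    for tx in txs:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)
    return spends


def trace(start, txs=TXS, labels=LABELS, max_hops=6):
    """Breadth-first walk from `start` along spends, stopping at labelled addresses.

    Returns one record per labelled endpoint reached: the BTC that arrived
    there in the reaching transaction and the address path from `start`.
    Unlabelled addresses are followed further; labelled ones are terminal
    because beyond an exchange deposit the money leaves the public ledger.
    """
    spends = index_spends(txs)
    results = []
    queue = deque([(start, [start], 0)])
    seen = {start}
    while queue:
        addr, path, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for tx in spends.get(addr, []):
            for out_addr, btc in tx["outputs"].items():
                new_path = path + [out_addr]
                if out_addr in labels:
                    kind, entity = labels[out_addr]
                    results.append({"address": out_addr, "kind": kind, "entity": entity,
                                    "btc": btc, "txid": tx["txid"], "path": new_path})
                elif out_addr not in seen:
                    seen.add(out_addr)
                    queue.append((out_addr, new_path, hops + 1))
    return results


def exposure(results, kind):
    """Total BTC from the traced flow that reached endpoints of the given kind."""
    return round(sum(r["btc"] for r in results if r["kind"] == kind), 8)


if __name__ == "__main__":
    hits = trace("ransom_addr")
    for h in hits:
        print(f'{h["btc"]:.2f} BTC -> {h["entity"]} ({h["kind"]}) via {" -> ".join(h["path"])}')
    print("sanctioned exposure:", exposure(hits, "sanctioned"), "BTC")
    print("exchange cash-out:", exposure(hits, "exchange"), "BTC")
```

Two design points matter for a real investigation. The walk attributes the amount of the transaction output that reached the endpoint, not the endpoint's balance, which is why the unrelated 1.0 BTC deposit in `t5` is never counted against the ransom flow. And the walk stops at the exchange deposit because that is where the public record ends and a subpoena for the exchange's customer records begins; production tools extend this with common-input-ownership clustering and proportional taint when traced and untraced funds are mixed in one transaction.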
In January 2023, the Justice Department announced that the FBI had dismantled the Hive ransomware network after spending months inside its infrastructure, during which it captured decryption keys and passed them to victims before seizing the gang's servers in coordination with European law enforcement.
The charges against Matveev highlight the risks and consequences associated with ransomware attacks. Despite the drop in revenue in 2022, ransomware remains a significant threat to organizations worldwide. Law enforcement can impose consequences after the fact, but the measures that limit an attacker's leverage are the potential victim's own: offline, regularly tested backups; multi-factor authentication on remote access; prompt patching of internet-facing services; and monitoring for bulk data exfiltration, since a leak threat survives a clean restore.