Feds offer $10m reward for info on alleged Russian ransomware crim

Infecting cops' computers is one way to put a target on your back

The Feds have sanctioned a Russian national accused of using LockBit, Babuk, and Hive ransomware to extort a law enforcement agency and nonprofit healthcare organization in New Jersey, and the Metropolitan Police Department in Washington DC, among "numerous" other victim organizations in the US and globally.

According to indictments unsealed on Tuesday, US grand juries have charged Mikhail Pavlovich Matveev with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces 20-plus years in prison. 

First, however, he has to be located, and then extradited to America. To this end the US Department of State will pay up to $10 million for information leading to his arrest or conviction.  

"From Russia and hiding behind multiple aliases, Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits, and law enforcement agencies, like the Metropolitan Police Department in Washington, DC," US Attorney Philip Sellinger said in a statement.

Matveev has also been linked to a ransomware intrusion against a US airline, according to the US Treasury Department, which today added Matveev to its list of sanctioned individuals.

This prohibits US residents and organizations from doing business with Matveev or any other so-called "blocked persons" — and it also means that paying ransom demands to listed individuals or organizations could count as breaking US laws [PDF].

Matveev and other members of the LockBit, Babuk, and Hive ransomware gangs have attacked at least 2,800 victims globally, and demanded payments of around $400 million, according to court documents. They made more than $200 million in this way, we're told.

Infecting law enforcement with LockBit and Babuk

In June 2020, Matveev and crew allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey, according to one of the two indictments [PDF]. 

This same group of miscreants also allegedly used LockBit to infect computers at businesses in Johnson County, Kansas; Dakota, Minnesota; Alameda County, California; and Boulder County, Colorado between June and September 2020, the New Jersey court documents say.

Meanwhile, between December 2020 and September 2021, Matveev and his co-conspirators allegedly used Babuk ransomware to extort money from victims in Turin, Italy; Hillsborough County, New Hampshire; Washington County, Oregon; and DC's Metropolitan Police Department.

"As part of the ransomware attack, the MPD was threatened with disclosure of sensitive information unless payment was made," according to the second indictment [PDF].

"Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public," US Attorney Matthew M. Graves for the District of Columbia said in a statement. 

"Whether these criminals target law enforcement, other government agencies, or private companies like health care providers, we will use every tool at our disposal to prosecute and punish such offenses," Graves added.

The indictments and sanctions come amid US attempts to crack down on cybercrime gangs operating out of Russia.

In January, the FBI said it shut down the Hive ransomware network, seizing control of the notorious gang's servers and websites, after a seven-month covert operation during which agents hacked the criminal group's network and used that access to provide decryption keys for more than 300 victims.

A month later, the US and UK sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan.

And just last week, the FBI said it cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades. ®
