Feds offer $10m reward for info on alleged Russian ransomware crim

Infecting cops' computers is one way to put a target on your back


The Feds have sanctioned a Russian national accused of using LockBit, Babuk, and Hive ransomware to extort a law enforcement agency and nonprofit healthcare organization in New Jersey, and the Metropolitan Police Department in Washington DC, among "numerous" other victim organizations in the US and globally.

According to indictments unsealed on Tuesday, US grand juries have charged Mikhail Pavlovich Matveev with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces 20-plus years in prison. 

First, however, he has to be located, and then extradited to America. To this end the US Department of State will pay up to $10 million for information leading to his arrest or conviction.  

"From Russia and hiding behind multiple aliases, Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits, and law enforcement agencies, like the Metropolitan Police Department in Washington, DC," US Attorney Philip Sellinger said in a statement.

Matveev has also been linked to a ransomware intrusion against a US airline, according to the US Treasury Department, which today added Matveev to its list of sanctioned individuals.

This prohibits US residents and organizations from doing business with Matveev or any other so-called "blocked persons" — and it also means that paying ransom demands to listed individuals or organizations could count as breaking US laws [PDF].

Matveev and other members of the LockBit, Babuk, and Hive ransomware gangs have attacked at least 2,800 victims globally, and demanded payments of around $400 million, according to court documents. They made more than $200 million in this way, we're told.

Infecting law enforcement with LockBit and Babuk

In June 2020, Matveev and crew allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey, according to one of the two indictments [PDF]. 

This same group of miscreants also allegedly used LockBit to infect computers at businesses in Johnson County, Kansas; Dakota, Minnesota; Alameda County, California; and Boulder County, Colorado between June and September 2020, the New Jersey court documents say.

Meanwhile, between December 2020 and September 2021, Matveev and his co-conspirators allegedly used Babuk ransomware to extort money from victims in Turin, Italy; Hillsborough County, New Hampshire; Washington County, Oregon; and DC's Metropolitan Police Department.

"As part of the ransomware attack, the MPD was threatened with disclosure of sensitive information unless payment was made," according to the second indictment [PDF].

"Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public," US Attorney Matthew M. Graves for the District of Columbia said in a statement. 

"Whether these criminals target law enforcement, other government agencies, or private companies like health care providers, we will use every tool at our disposal to prosecute and punish such offenses," Graves added.

The indictments and sanctions come amid US attempts to crack down on cybercrime gangs operating out of Russia.

In January, the FBI said it shut down the Hive ransomware network, seizing control of the notorious gang's servers and websites, after a seven-month covert operation during which agents hacked the criminal group's network and used that access to provide decryption keys for more than 300 victims.

A month later, the US and UK sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan.

And just last week, the FBI said it cut off a network of Kremlin-controlled computers used to spread the Snake malware which, according to the Feds, has been used by Russia's FSB to steal sensitive documents from NATO members for almost two decades. ®
