The Justice Department on Tuesday unsealed two indictments charging a Russian national in a "global ransomware campaign," which, in part, allegedly involved cyberattacks on law enforcement agencies in New Jersey and Washington, D.C., as well as victims in health care and other sectors nationwide.
Mikhail Pavlovich Matveev, 30, of Kaliningrad, Russia, is charged with intentional damage to a protected computer and threats relating to a protected computer.
Each felony offense carries a statutory maximum of 10 years in prison, federal prosecutors said.
Using online monikers Wazawaka, m1x, Broriscelcin and Uhodiransomwar from his home base in Russia, Matveev allegedly participated in conspiracies to deploy three ransomware variants known as LockBit, Babuk and Hive to attack critical infrastructure around the world, including law enforcement, hospitals, government agencies, schools and victims in other sectors.
FORMER US EMBASSY EMPLOYEE ARRESTED, HELD AT SAME MOSCOW PRISON AS WSJ REPORTER: RUSSIAN REPORT
The Justice Department estimates the total ransom demands allegedly made by the members of these three global ransomware campaigns to their victims to be as much as $400 million. Total victim ransom payments amounted to as much as $200 million, the DOJ said.
According to the Department of the Treasury, Matveev has been a central figure in the development and deployment of the Hive, LockBit and Babuk ransomware variants, among others.
"In 2021, Babuk ransomware affiliates attacked the police department of a major U.S. city. The hackers who infiltrated the police department’s computer network stole the home addresses, cellphone numbers, financial data, medical histories and other personal details of police officers, along with sensitive information about gangs, suspects of crimes and witnesses," the Treasury Department said. "In a public interview, Matveev claimed responsibility for posting the police department’s stolen data online."
The Treasury’s Office of Foreign Assets Control also announced Tuesday it is designating Matveev for his role in launching cyberattacks against U.S. law enforcement, businesses and critical infrastructure. The Department of State has also announced an award of up to $10 million for information that leads to the apprehension of this defendant.
FBI RESPONDS TO SCATHING DURHAM REPORT ON TRUMP-RUSSIA PROBE, TOUTS ‘DOZENS OF CORRECTIVE ACTIONS’
"From Russia and hiding behind multiple aliases, Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits and law enforcement agencies, like the Metropolitan Police Department in Washington, D.C.," Philip R. Sellinger, U.S. Attorney for the District of New Jersey, said in a statement.
Though Matveev remains a "fugitive from justice" Tuesday, Sellinger said the indictments shine a light on the Russian national’s alleged criminal acts, meaning he can "no longer hide in the shadows" or travel to the U.S. or any country with which the U.S. has an extradition treaty without fear of being arrested.
From as early as 2020, one indictment alleges Matveev was an active member of Babuk, a global ransomware campaign that ranked among the most active and destructive cybercriminal threats in the world.
On April 26, 2021, Babuk conspirators deployed ransomware against the Metropolitan Police Department in Washington, D.C., and then threatened to disclose sensitive information to the public unless a payment was made. As part of that specific attack, Matveev allegedly intentionally infected the police department’s computer systems with Babuk ransomware, stole data and then attempted to extort the department, threatening disclosure of sensitive information unless payment was made.
Matveev is also charged with a series of similar crimes in an indictment filed in the District of New Jersey.
On June 25, 2020, Matveev and his LockBit conspirators allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey. On May 27, 2022, Matveev and Hive coconspirators allegedly deployed Hive against a nonprofit behavioral health care organization headquartered in Mercer County, New Jersey.
Sellinger said victims paid generally through cryptocurrency.
"We want the indictment, sanctions and reward for Mikhail Matveev to sound an alarm in the ranks of cyber criminals all over the world," Special Agent in Charge James Dennehy, of the FBI’s Newark Field Office, said in a statement. "The FBI and our law enforcement partners, as well as our international partners, are coming after you.
"These malicious actors believe they can operate with impunity — and don’t fear getting caught because they sit in a country where they feel safe and protected. That may be the case now, but the safe harbor may not exist forever. When we have an opportunity, we will do everything in our power to bring Matveev and his ilk to justice."
The FBI said it is investigating the case with assistance from international partners in France, Japan, the United Kingdom, Switzerland, the Netherlands, Germany, Spain, Norway and Sweden.
