US Gov offers a $10M reward for a Russian ransomware actor

The US government is offering a $10M reward for Russian national Mikhail Pavlovich Matveev (30) charged for his role in ransomware attacks

The US Justice Department charged Russian national Mikhail Pavlovich Matveev (30), aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged role in multiple ransomware attacks.

The DoJ unsealed two indictments charging the man with using three different ransomware families in attacks aimed at numerous victims throughout the United States. The attacks hit law enforcement agencies in Washington, D.C. and New Jersey, as well as organizations in the healthcare and other sectors nationwide.

“According to the indictment obtained in the District of New Jersey, from at least as early as 2020, Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, allegedly participated in conspiracies to deploy three ransomware variants.” reads the press release published by DoJ. “These variants are known as LockBit, Babuk, and Hive, and Matveev transmitted ransom demands in connection with each.”

According to the DoJ, total ransom demands allegedly made by the members of these three global ransomware campaigns to their victims is greater than $400 million. The total victim ransom payments amount to as much as $200 million.

On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

The Russian citizen has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, the man could face a sentence of over 20 years in prison. 

The man is suspected to be living in Russia and is operating from that country. Clearly, due to the ongoing geopolitical crisis, it’s unlikely that Russia will capture the man to extradite him to the United States. 

“From Russia and hiding behind multiple aliases, Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits, and law enforcement agencies, like the Metropolitan Police Department in Washington, D.C.,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “Thanks to the extraordinary investigative work of prosecutors from my office and our FBI partners, Matveev no longer hides in the shadows – we have publicly identified his criminal acts and charged him with multiple federal crimes. Let today’s charges be a reminder to cybercriminals everywhere – my office is devoted to combatting cybercrime and will spare no resources in bringing to justice those who use ransomware attacks to target victims.” 

Matveev has been also added to the FBI’s Most Wanted list. The Treasury Department sanctioned the ransomware actor. The Department of State is offering up to $10 million for information that leads to the arrest of the man.

“Mikhail Pavlovich Matveev, a Russian National, is allegedly a prolific ransomware affiliate currently based in Russia.  Matveev has been linked to numerous ransomware variants including Lockbit, Babuk, and Hive.  He has allegedly conducted significant attacks against both United States and worldwide businesses, including critical infrastructure.  Matveev has also been identified as one of the alleged developers/administrators behind the Babuk ransomware variant.” warns the FBI.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ramsonware)