The United States has charged a Russian national with multiple federal crimes related to ransomware attacks in the United States and around the world that netted tens of millions of dollars in ransom payments.
Two indictments unsealed in New Jersey and Washington charged Russian national Mikhail Matveyev with deploying three ransomware variants -- or "strains" -- that were used in numerous high-profile attacks dating back to 2020, the U.S. Justice Department said on May 16 in a news release.
The victims of the ransomware attacks included U.S. law enforcement and other government agencies, hospitals, and schools, the Justice Department said. Matveyev allegedly launched the attacks from his home in Russia, where he resides.
“From Russia and hiding behind multiple aliases, Matveyev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits, and law enforcement agencies, like the Metropolitan Police Department in Washington, D.C.,” U.S. Attorney Philip R. Sellinger for the District of New Jersey said in the news release.
According to the indictments, Matveyev and his co-conspirators in June 2020 deployed ransomware known as LockBit against a law enforcement agency in Passaic County, New Jersey. A nonprofit behavioral health-care organization based in Mercer County, New Jersey, was hit in May 2022 using a different ransomware variant known as Hive.
In April 2021, Matveyev and his co-conspirators are accused of launching an attack using a third variant known as Babuk against the Metropolitan Police Department in Washington. Matveyev and his Babuk co-conspirators allegedly then threatened to disclose sensitive information to the public unless a payment was made.
“The perpetrators behind each of these variants, including Matveyev, have allegedly used these types of ransomware to attack thousands of victims in the United States and around the world,” the Justice Department said.
Total ransom demands allegedly amounted to as much as $400 million, while total ransom payments amounted to as much as $200 million, the Justice Department said.
All three ransomware variants worked in the same way. The attackers first gained access to a vulnerable computer system, sometimes through their own hacking. They then deployed the malware and used it to encrypt the victims’ data, which the attackers would decrypt only if the victims paid the ransom.
The attackers would often threaten to post the victim’s data on a public website if they refused to pay.
Matveyev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If captured and convicted, he faces over 20 years in prison, the department said.
The U.S. State Department has announced an award of up to $10 million for information that leads to the arrest and conviction of Matveyev.