The US is offering a $10m reward for information on a Russian man accused of launching ransomware attacks on critical infrastructure.
Mikhail Pavlovich Matveev, a 30-year-old Russian, has been charged by the US Justice Dept. for his alleged role in many ransomware attacks, including ones targeting critical infrastructure.
Matveev — known online as Wazawaka, m1x, Boriselcin, & Uhodiransomwar — has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, & intentionally damaging protected computers.
20 Years
He faces over 20 years in prison, but he is unlikely to be arrested & convicted soon considering that he is thought to be living in Russia. While law enforcement co-operation between Russia & the US seemed to be improving before the start of the Ukraine war, it’s unlikely that Russia will hand over any cyber-criminals to the US given their current relations.
States the US Justice Dept., Matveev has been linked with several major ransomware operations, including LockBit, Hive & Babuk. He & other members of these operations allegedly targeted 1,000s of entities in the US & elsewhere, including hospitals, schools, airlines, businesses, law enforcement, & other Govt. organisations.
Attacks
The specific examples shared by authorities include the LockBit attack on a Passaic County (NJ) police dept., a Hive attack on a healthcare organisation in Mercer County (NJ), & a Babuk attack on the Washington DC Metropolitan Police Dept.
Prosecutors explained that the 3 ransomware operations in which Matveev was involved wanted as much as $400m from their victims, & they are believed to have received up to $200m.
Wazawaka Identity
Matveev was revealed to be Wazawaka by Brian Krebs in early 2022, which the Russian confirmed shortly after. In Aug. 2022, he gave an interview to The Record in which, using his real name, detailed his hacking.
In addition to the charges brought against him, Matveev has been added to the FBI’s Most Wanted list, & the Treasury Department announced sanctions against him. The US Department of State announced that it is prepared to award up to $10m for information that leads to the man’s arrest.
Highly Active
The LockBit ransomware operation continues to be highly active, but Hive has been shut down by law enforcement. In the case of Babuk, its source code was leaked in 2021, which has led to the creation of several new ransomware families.
The FBI described Matveev as one of the “developers/administrators behind the Babuk ransomware variant.”
