Russian national, Mikhail Pavlovich Matveev, has been charged and indicted for launching ransomware attacks against thousands of victims in the US and across the world, the US Department of Justice (DoJ) said in a press release.The US Department of State has also announced an award of up to $10 million for information that leads to the arrest and\/or conviction of the Russian national.\u201cAccording to the indictment obtained in the District of New Jersey, from at least as early as 2020, Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, allegedly participated in conspiracies to deploy three ransomware variants,\u201d the DOJ said in a statement.The three variants are LockBit, Babuk, and Hive, and Matveev transmitted ransom demands in connection with each. The three ransomware groups\u2019 victims include law enforcement and other government agencies, hospitals, and schools.Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces over 20 years in prison.$400 million demanded in ransomTotal ransom demands allegedly made by the members of these three global ransomware campaigns from their victims amount to as much as $400 million. While total victim ransom payments amount to as much as $200 million, the DOJ said.\u00a0The LockBit ransomware variant first appeared in January 2020. Threat actors behind the LockBit ransomware have executed over 1,400 attacks against victims in the US and around the world, demanding over $100 million in ransom and receiving over $75 million in ransom payments.\u00a0\u201cOn or about June 25, 2020, Matveev and his LockBit coconspirators allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey,\u201d the DOJ said.The Babuk ransomware variant first appeared around December 2020. Babuk actors executed over 65 attacks against victims in the US and around the world, demanding over $49 million in ransom demands and receiving as much as $13 million in ransom payments.\u201cOn April 26, 2021, Matveev and his Babuk coconspirators allegedly deployed Babuk against the Metropolitan Police Department in Washington, DC,\u201d the DOJ said.\u00a0Since June 2021, the Hive ransomware group has targeted more than 1,400 victims around the world and received as much as $120 million in ransom payments.\u00a0\u201cOn or about May 27, 2022, Matveev and his Hive coconspirators allegedly deployed Hive against a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey,\u201d the DOJ said.\u00a0The LockBit, Babuk, and Hive ransomware variants operate in the same manner. First, the ransomware actors identify and unlawfully access vulnerable computer systems, either through their own hacking or by purchasing stolen access credentials from others.Then the threat actors would deploy the ransomware variant within the victim\u2019s computer system, allowing the actors to encrypt and steal data. After this, the actors send a ransom note to the victim demanding payment in exchange for decrypting the victim\u2019s data or refraining from sharing it publicly. If a victim does not pay, ransomware actors would often post that victim\u2019s data on their data leak site.Focus on RussiaRussia is a haven for ransomware actors, enabling cybercriminals like Matveev to engage openly in ransomware attacks against US organizations, according to a release by the US Department of the Treasury.\u00a0About 75% of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf, according to Treasury\u2019s Financial Crimes Enforcement Network.\u00a0\u201cThe United States will not tolerate ransomware attacks against our people and our institutions,\u201d Secretary of the Treasury for Terrorism and Financial Intelligence Brian E Nelson, said in a press note.\u201cRansomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats,\u201d Nelson added.