Mikhail Pavlovich Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. Credit: Metamorworks / Morrison1977 / Getty Images Russian national, Mikhail Pavlovich Matveev, has been charged and indicted for launching ransomware attacks against thousands of victims in the US and across the world, the US Department of Justice (DoJ) said in a press release.The US Department of State has also announced an award of up to $10 million for information that leads to the arrest and/or conviction of the Russian national.“According to the indictment obtained in the District of New Jersey, from at least as early as 2020, Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, allegedly participated in conspiracies to deploy three ransomware variants,” the DOJ said in a statement.The three variants are LockBit, Babuk, and Hive, and Matveev transmitted ransom demands in connection with each. The three ransomware groups’ victims include law enforcement and other government agencies, hospitals, and schools. Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces over 20 years in prison.$400 million demanded in ransomTotal ransom demands allegedly made by the members of these three global ransomware campaigns from their victims amount to as much as $400 million. While total victim ransom payments amount to as much as $200 million, the DOJ said. The LockBit ransomware variant first appeared in January 2020. Threat actors behind the LockBit ransomware have executed over 1,400 attacks against victims in the US and around the world, demanding over $100 million in ransom and receiving over $75 million in ransom payments. “On or about June 25, 2020, Matveev and his LockBit coconspirators allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey,” the DOJ said.The Babuk ransomware variant first appeared around December 2020. Babuk actors executed over 65 attacks against victims in the US and around the world, demanding over $49 million in ransom demands and receiving as much as $13 million in ransom payments.“On April 26, 2021, Matveev and his Babuk coconspirators allegedly deployed Babuk against the Metropolitan Police Department in Washington, DC,” the DOJ said. Since June 2021, the Hive ransomware group has targeted more than 1,400 victims around the world and received as much as $120 million in ransom payments. “On or about May 27, 2022, Matveev and his Hive coconspirators allegedly deployed Hive against a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey,” the DOJ said. The LockBit, Babuk, and Hive ransomware variants operate in the same manner. First, the ransomware actors identify and unlawfully access vulnerable computer systems, either through their own hacking or by purchasing stolen access credentials from others.Then the threat actors would deploy the ransomware variant within the victim’s computer system, allowing the actors to encrypt and steal data. After this, the actors send a ransom note to the victim demanding payment in exchange for decrypting the victim’s data or refraining from sharing it publicly. If a victim does not pay, ransomware actors would often post that victim’s data on their data leak site.Focus on RussiaRussia is a haven for ransomware actors, enabling cybercriminals like Matveev to engage openly in ransomware attacks against US organizations, according to a release by the US Department of the Treasury. About 75% of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf, according to Treasury’s Financial Crimes Enforcement Network. “The United States will not tolerate ransomware attacks against our people and our institutions,” Secretary of the Treasury for Terrorism and Financial Intelligence Brian E Nelson, said in a press note.“Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats,” Nelson added. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe