The United States Department of Justice (DOJ) has announced the indictment of a Russian national for orchestrating a crypto-ransomware scheme that specifically targeted the infrastructure of the United States.
On May 16, the unsealed indictments revealed the identity of the accused as Mikhail Pavlovich Matveev, who is known by several aliases such as Wazawaka, m1x, Boriselcin, and Uhodiransomwar.
The press release from the Justice Department stated that Matveev’s attack targeted a wide range of victims throughout the United States, encompassing law enforcement agencies in Washington, DC, and New Jersey, as well as healthcare and various other sectors nationwide.
$200m of illicit profits uncovered
The ransomware employed in these attacks was identified as variants of LockBit, Babuk, and Hive, with Matveev allegedly demanding ransom payments amounting to as much as $400 million.
According to estimates, Matveev could pilfer approximately $200 million through these illicit activities.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division emphasized the global nature of Matveev’s operations, stating,
“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure worldwide, including hospitals, government agencies, and victims in other sectors. These international crimes demand a coordinated response. We will not relentlessly impose consequences on the most egregious actors in the cybercrime ecosystem.”
Matveev has gained notoriety within the cybercrime community due to his unconventional behavior. In 2022, he publicly released exploit code and taunted researchers and journalists.
This unconventional approach attracted media attention, with publishers even sharing selfies and videos associated with Matveev.
His brazen attitude and disregard for caution seemed to contrast with the increasing scrutiny faced by ransomware groups.
However, it appears that Matveev’s audacity has finally caught up with him, leading to the recent law enforcement action against him.
Russian cybercriminals continue to operate in the crypto space
It is worth noting that Russian entities have been linked to numerous cyberattacks involving cryptocurrencies.
In 2022, a Russian national pleaded not guilty to laundering ransom payments related to attacks on US infrastructure, while outside actors targeted a Ukrainian gas firm.
While some cybercriminals have been motivated by explicitly negative intentions, not all fit this mold. A notable example is the self-proclaimed “Robin Hood” attacker who stole funds from Russian law enforcement and donated them to Ukraine.
Despite these positive actions, the identity of this individual remains unknown, and the case has generated considerable attention within the crypto community.
As law enforcement agencies continue to combat cyber threats globally, the charges against Matveev represent a step forward in holding accountable those responsible for destabilizing critical infrastructure.
The international cooperation required to address these crimes underscores the collective effort needed to safeguard the digital landscape and protect vulnerable entities from the damaging effects of cyberattacks.