Russian National Charged with Ransomware Attacks Against Critical Infrastructure

The United States Department of Justice (DOJ) unsealed an indictment on Tuesday charging a Russian national with carrying out multiple ransomware attacks, including one against the Washington, D.C., Metropolitan Police Department (MPD).

The DOJ identified the man as Mikhail Matveev, who lives in Kaliningrad, Russia. Matveev is accused of developing and using three ransomware variants — Hive, LockBit, and Babuk — to encrypt victims’ computer systems and demand ransom payments. Online aliases for Matveev include Wazawaka, m1x, Boriselcin, and Uhodiransomwar.

The indictment alleges that Matveev was involved in a ransomware attack against the MPD in April 2021. The attack caused the MPD to lose access to its computer systems for several days and resulted in the publication of sensitive information, including police tactics and personnel files.

The DOJ also alleges that Matveev was involved in ransomware attacks against law enforcement agencies in New Jersey (Passaic and Mercer County Police Departments) and several victims in the healthcare sector.

According to prosecutors, Matveev demanded at least $400 million from his victims and received up to $200 million.

If convicted, Matveev faces up to 20 years in prison for each count of ransomware conspiracy.

The indictment against Matveev is the latest in a series of actions the DOJ has taken to combat ransomware attacks. In October 2022, the DOJ announced the disruption of the REvil ransomware operation, which was responsible for a number of high-profile attacks, including the Colonial Pipeline ransomware attack.

The LockBit ransomware operation has been shut down, but Hive ransomware strains are still in operation. Babuk’s ransomware source code was released and led to several offspring variants still in use today.

The DOJ’s actions against ransomware actors are a sign of the growing threat posed by ransomware attacks. Ransomware attacks are a significant economic and national security threat, and the DOJ is committed to disrupting and dismantling ransomware operations.
