The hacker was allegedly involved with multiple ransomware strains that attacked police departments, hospitals, and the Colonial Pipeline.
A Russian man has been charged by US authorities for his alleged connection to multiple ransomware schemes that netted him and other attackers nearly $200 million – much of which came through crypto.
Some of the victims of those ransomware attacks included hospitals, schools, and police departments.
$200 Million in Ransomware Payments
The culprit – Mikhail Pavlovich Matveev – was part of three ransomware gangs: Lockbit, Babuk and Hive. Collectively, they have obtained almost $200 million from victims after demanding funds in excess of $400 million, per figures from the Department of Justice.
The Department noted that Matveev was known online by multiple aliases, including “Wazawaka”, “m1x”, “Boriselcin”, and “Uhodiransomwar.”
“These international crimes demand a coordinated response,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division in the DOJ’s statement. “We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”
Some of Matveev’s alleged crimes included helping deploy Babuk ransomware against the Metropolitan Police Department in Washington, D.C. in April 2021, as well as a New Jersey nonprofit behavioral healthcare organization in May 2022.
In the former case, the criminal and his co-conspirators threatened to disclose sensitive materials to the public unless payments were made. Babuk ransomware actors have executed at least 65 attacks around the world since December 2020, demanding $49 million in payments, and receiving at least $13 million.
In January 2022, cybersecurity journalist Brian Krebs reported that Matveev had claimed affiliation with the Darkside ransomware group, according to Bloomberg. Darkside was responsible for a ransomware attack against the Colonial Pipeline in 2021, which netted the attackers 63.7 BTC in forced payments.
Crypto’s Role in Ransomware
Cryptocurrencies like Bitcoin have become popular tools for conducting ransomware attacks since 2021. Unlike with traditional bank transfers, hackers can easily remain anonymous when requesting payments in Bitcoin, and such payments cannot be reversed or reclaimed by a bank or government.
According to Chainalysis, ransomware revenue fell substantially in 2022 to $456.8 million, compared to $765.6 million in 2021. Experts attributed the drop to a decrease in victims’ willingness to pay a ransom – especially as sanctions rules against such payments by the US Treasury Department have made them riskier to conduct.
In January, the FBI announced that it had taken down the HIVE ransomware network, which had members across North America and Europe.