
A Russian national has been charged and indicted by the US Department of Justice (DoJ) for launching ransomware attacks against “thousands of victims” in the country and around the world.
The 30-year-old individual in question, Mikhail Pavlovich Matveev (a.k.a. Wazawaka, m1x, Boriselcin, Uhodiransomwar), is alleged to have been a “lead man” in the development and deployment of the LockBit, Babuk, and Hive ransomware variants since 2016, reportedly until at least June 2020.
“These victims include law enforcement and other government agencies, hospitals and schools,” the Justice Department said, adding that members of these three global ransomware campaigns allegedly made ransom demands against those victims.
LockBit, Babuk, and Hive operate similarly, leveraging illegitimately obtained access to steal valuable data and deploy ransomware on compromised networks. The attackers also threaten to publish the stolen information on data leak sites in order to pressure victims into negotiating a ransom.

Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, which the article considers unlikely, he faces more than 20 years in prison.
The US State Department also announced a reward of up to $10 million for information leading to Matveev’s arrest and/or conviction.
Separately, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against the defendant, stating that “his misconduct will be tolerated by local authorities as long as he remains loyal to Russia.”
According to cybersecurity journalist Brian Krebs, one of Matveev’s alter egos is Orange, and the Orange persona is said to have been used to launch the now-defunct Russian Anonymous Marketplace (aka RAMP) darknet forum.
Despite recent law enforcement actions to crack down on the cybercriminal ecosystem, the Ransomware-as-a-Service (RaaS) model remains profitable, offering affiliates high profit margins without requiring them to develop and maintain the malware themselves.
The financial mechanics of RaaS also lower the barrier to entry for would-be cybercriminals, allowing them to use the services provided by ransomware developers to launch attacks while keeping most of the illicit profits for themselves.
Australian and US Authorities Release BianLian Ransomware Warning
The move comes after US and Australian cybersecurity agencies released a joint advisory on the BianLian ransomware, a double-extortion group that has targeted several critical infrastructure, professional services, and real estate development organizations since June 2022.
“This group accesses victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open source tools and command line scripts for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega,” according to the advisory.
Earlier this year, Czech cybersecurity company Avast released a free decryption tool for the BianLian ransomware to help malware victims recover their locked files without paying the attackers.
The advisory was also published amid the emergence of a new ransomware strain called LokiLocker, which bears similarities to another locker called BlackBit and has been observed actively targeting South Korean companies.