Cyber Security News

Russian Hacker Charged for Targeting US Critical Infrastructure

On Tuesday, the Justice Department unsealed two indictments charging a Russian national and resident with orchestrating a series of ransomware attacks across the United States. The individual is accused of employing three distinct ransomware variants to target a wide range of victims, including law enforcement agencies, healthcare institutions, and various sectors critical to national infrastructure.

The indictments shed light on the severity and extent of the attacks, which exposed cybersecurity vulnerabilities within the US. Law enforcement agencies in Washington, D.C., and New Jersey were among the targeted entities, underscoring the potential risks to public safety and national security.

“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “These international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”

LockBit, Hive and Babuk Ransomware Strains 

Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, allegedly utilized three different ransomware strains to carry out these attacks.

  • LockBit: On or about June 25, 2020, the individual and his co-conspirators deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey.
  • Hive: On or about May 27, 2022, the accused and his co-conspirators deployed Hive ransomware against a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey.
  • Babuk: On April 26, 2021, the Russian national and his co-conspirators allegedly deployed Babuk ransomware against the Metropolitan Police Department in Washington, D.C.

These three distinct ransomware strains demonstrate the sophistication and diversity of the attacker's methods.

“From Russia and hiding behind multiple aliases, Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits, and law enforcement agencies, like the Metropolitan Police Department in Washington, D.C.,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “Thanks to the extraordinary investigative work of prosecutors from my office and our FBI partners, Matveev no longer hides in the shadows – we have publicly identified his criminal acts and charged him with multiple federal crimes. Let today’s charges be a reminder to cybercriminals everywhere – my office is devoted to combatting cybercrime and will spare no resources in bringing to justice those who use ransomware attacks to target victims.” 

U.S. Attorney Matthew M. Graves for the District of Columbia said, “Whether these criminals target law enforcement, other government agencies, or private companies like health care providers, we will use every tool at our disposal to prosecute and punish such offenses. Thanks to exceptional work by our partners here, we identified and charged this culprit.”