US Prosecutors Indict Russian for Ransomware Attacks
WASHINGTON — The Justice Department on Tuesday indicted a Russian citizen whom prosecutors accused of ransomware campaigns that netted him and his conspirators about $200 million in stolen payments.
The victims were mostly in the United States. They included nonprofits, hospitals and police departments, such as the Washington, D.C., police.
Federal prosecutors hold out little hope for prosecuting the man they indicted, named Mikhail Matveev, as international politics keep him out of their reach.
Matveev was indicted on the same day information technology executives warned two Senate committees that artificial intelligence is expanding the risks of bad actors perpetrating crimes through the internet and other computer networks.
“Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public,” U.S. Attorney Matthew M. Graves for the District of Columbia said in a statement.
Matveev allegedly targeted essential services, stole their private data and threatened to expose it publicly unless the victims paid him a fee. The gang also encrypted data on victims’ computers to prevent their access until they paid a ransom.
In the case of police in Washington, D.C., and Prospect Park, New Jersey, their departments refused to pay the ransom. In response, the hackers published leaked law enforcement documents with information about open investigations, joint operations with federal agencies and sensitive human resources details, according to the indictment.
The extortionists operated under the name Babuk group for the attack in Washington that started on April 26, 2021.
They notified the police through their website that they “downloaded a sufficient amount of information from your internal networks” and gave them three days to arrange to pay a ransom or “we will start to contact gangs in order to drain the informants.”
Screenshots posted on the Babuk group website indicated that data taken from four computers included intelligence reports, information on gang conflicts, the jail census and administrative files.
During Senate Homeland Security and Justice subcommittee hearings Tuesday, information technology executives reiterated concerns that stronger government safeguards are needed against computer fraud generated by artificial intelligence.
“This is not necessarily the future we want,” said Sen. Richard Blumenthal, D-Conn., chairman of the Senate Judiciary Subcommittee on Privacy, Technology and the Law.
The FBI reports that hackers are stealing billions of dollars worldwide by tapping into computer networks. Prosecutors often are powerless to stop them as the hackers take refuge in Russia or countries with weak law enforcement.
The Justice Department is offering a $10 million reward for information leading to the arrest and conviction of Matveev. He faces more than 20 years in prison if he is prosecuted.
“Adding insult to injury, Matveev even stated, and I quote, ‘As soon as I have another chance to kick the expletive out of U.S. cops, I won’t think twice,’” said James E. Dennehy, special agent in charge of the FBI’s Newark, New Jersey, office.
The gang used various versions of ransomware that went under the names Babuk, Hive and Lockbit.
Lockbit appeared first in January 2020. The hackers are accused of executing more than 1,400 attacks against victims in the United States and around the world. They issued about $100 million in ransom demands and received roughly $75 million in illicit payments, according to the Justice Department.
The Babuk ransomware appeared around December 2020. The hackers used it for about 65 attacks around the world. For their $49 million in ransom demands, they received $13 million in payments.
The FBI suspects the Hive ransomware might still be active after appearing last June. The hackers have received as much as $120 million in ransom payments from Hive, according to the Justice Department.
Last week, the U.S. Cybersecurity and Infrastructure Security Agency warned infrastructure organizations that more criminal cyberattacks based in Russia might be coming soon as a result of U.S. support for Ukraine.
While advising increased security measures, the advisory said, “This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners” to the Ukrainian military.
The Justice Department case is United States of America v. Mikhail Pavlovich Matveev, number 2:22-cr-00825, in the U.S. District Court for the District of New Jersey.