Russian National Charged for Babuk, Hive, and LockBit Ransomware Attacks

The federal government in the United States has formally charged a Russian national who is alleged to have been a key member of the Babuk ransomware-as-a-service operation, the group responsible for an attack on the Washington, D.C. Metropolitan Police Department in 2021 shortly before the group was disbanded. Mikhail Pavlovich Matveev, 31, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been charged in a four-count indictment for conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. The indictment includes two felony charges related to the D.C. Metropolitan Police Department attack. In that attack, the group demanded a $4 million ransom, and when it was not paid, the group dumped 250 gigabytes of data stolen from the Police Department.

Matveev is also alleged to have been part of the Hive and LockBit ransomware operations. The other two felony charges relate to an attack on a nonprofit behavioral healthcare provider in 2022 in Mercer County, New Jersey, where Hive ransomware was deployed, and an earlier attack involving LockBit ransomware in June 2020 on the Prospect Park Police Department in Passaic County, New Jersey. “Matveev is responsible for multiple ransomware variants as an affiliate and has actively targeted U.S. businesses and critical infrastructure,” said FBI Special Agent James E. Dennehy, announcing the indictment.

Matveev is understood to reside in Kaliningrad in Russia, although he has ties to St. Petersburg and is believed to travel regularly between the two locations. Matveev has been vocal about his illegal activities. He has disclosed exploit code to other cybercriminals, has discussed his attacks in media interviews, and is confident that his illegal activities will be tolerated provided he remains loyal to Russia. A $10 million reward is being offered by the State Department for information that leads to an arrest or conviction. While the U.S. is looking to extradite Matveev, that is extremely unlikely as long as Matveev remains in Russia. Russia does not have an extradition treaty with the United States and does not extradite its nationals. Matveev appears confident he is safe in Russia. He responded to the indictment in comments to CNN saying, “I don’t give a f*** at all.” If convicted, Matveev faces 20 years in prison. The U.S. Department of the Treasury has also added Matveev to its sanctions list, which means ransom payments are prohibited and his assets are subject to seizure.

“The impacts of ransomware attacks are significant and far-reaching, with victims suffering loss and disclosure of sensitive information and disruption of critical services,” said U.S. Department of State spokesperson Matthew Miller. “Russia is a safe haven for cybercriminals, an environment in which ransomware actors are free to conduct malicious cyber operations against the United States and our partners and allies.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news