The United States on Tuesday unveiled charges against a Russian national accused of carrying out multiple ransomware attacks, including a 2021 incident against the Washington, D.C., Metropolitan Police Department.
Mikhail Matveev, who lives in Kaliningrad, Russia, is charged with ransomware incidents affecting law enforcement in New Jersey, as well as several victims in the health care sector, according to newly unsealed indictments from the Justice Department. Along with the criminal charges, the Treasury announced sanctions barring Matveev, 30, from conducting financial transactions in the United States, and the State Department issued a $10 million reward for his arrest.
The investigation into Matveev involved the FBI, IRS and local law enforcement in D.C. and New Jersey, as well as authorities from Japan, the U.K., France, Germany and the European Union.
Matveev was indicted in federal district court in both D.C. and New Jersey. He faces multiple counts of transmitting ransom demands, conspiracy to damage protected computers and intentionally damaging protected computers. The charges carry a maximum penalty of 20 years in prison.
“Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public,” Matthew Graves, the U.S. attorney for D.C., said in a press release. “Whether these criminals target law enforcement, other government agencies, or private companies like health care providers, we will use every tool at our disposal to prosecute and punish such offenses.”
According U.S. authorities, Matveev was a “central figure” in the development of three ransomware variants — Hive, LockBit and Babuk. The Babuk malware was used in the April 2021 attack against the Metropolitan Police Department, which included the publication of documents related to police tactics and detailed personnel files on dozens of officers.
LockBit and Hive have been two of the most prolific ransomware types in recent years, with the Hive operation linked to more than 1,500 incidents in 80 countries until it was disrupted earlier this year by an FBI-led international operation. LockBit, which first appeared in 2020, has netted more than $75 million in ransom payments from more than 1,400 operations, the Justice Department said.
Matveev has given interviews in Russia in which he’s claimed credit for some of these incidents, including the MPD attack, and professed his loyalty to the Kremlin. According to the Treasury’s Financial Crimes Reporting Network, roughly three-fourths of all ransomware attacks globally in the second half of 2021 were tied to actors in Russia.
While Matveev is currently out of reach of U.S. law enforcement while in Russia, other individuals affiliated with his ransomware crews have been arrested. Last October, Canadian authorities arrested a LockBit suspect named Mikhail Vasiliev, who faces extradition to the U.S. to face charges.