Russian Ransomware Perp Charged After High-Profile Hive, Babuk & LockBit Hits

LockBit, Babuk, and Hive ransomware used by Russian to target critical US organizations, DOJ says.

Dark Reading Staff, Dark Reading

May 16, 2023

1 Min Read
script with russian writing to illustrate russian ransomware operator
Source: f:nalinframe via Alamy Stock Photo

Russian national Mikahail Pavlovich Matveev has been charged by the US Department of Justice (DoJ) for launching ransomware attacks on critical organizations including law enforcement agencies, healthcare operations, and more.

Matveev is estimated by the DoJ to have demanded as much as $400 million in ransom payments from his victims over his years as a ransomware operator, and to have actually collected as much as $200 million in extortion money.

The DoJ alleges that Matveev used three ransomware variants in his cybercrimes. In June 2020, he was accused by the DoJ of conspiring to deploy LockBit against New Jersey law enforcement. In addition, Matveev used Hive against a nonprofit healthcare organization in New Jersey in May 2022, and used Babuk ransomware to shake down the Washington DC Metropolitan Police Department, the DoJ added.

"From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors," said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department's Criminal Division in a statement about the newly unsealed charges against the alleged ransomware operator. "These international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem."

If convicted, Matveev faces up to 20 years in prison; however, he resides in Russia, making the carrying out of any sentence highly unlikely.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights