A Russian man has been charged and indicted by the US Department of Justice (DoJ) for launching a ransomware attack against “thousands of victims” in the country and around the world.
Mikhail Pavlovich Matveev (aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar), the 30-year-old individual in question, is alleged to have been a central figure in the development and deployment of the LockBit, Babuk, and Hive ransomware variants since at least June 2020.
“These victims include law enforcement and other government agencies, hospitals, and schools,” the Justice Department said. “Total ransom demands allegedly made by the members of these three global ransomware campaigns to their victims amount to as much as $400 million, while total victim ransom payments amount to as much as $200 million.”
LockBit, Babuk, and Hive operate in a similar fashion, leveraging illegally obtained access to steal valuable data and deploy ransomware on compromised networks. The attackers also threaten to publish the stolen information on leak sites as leverage in ransom negotiations with victims.
Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted (which is unlikely), he faces more than 20 years in prison.
The U.S. State Department also announced a reward of up to $10 million for information leading to Matveev’s arrest and/or conviction.
Separately, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against the defendant, stating that “as long as he remains loyal to Russia, his misconduct will be tolerated by local authorities.”
According to cybersecurity journalist Brian Krebs, another of Matveev’s alter egos was Orange, a persona the defendant used to establish the now-defunct Russian Anonymous Marketplace (aka RAMP) darknet forum.
Recent years have seen a flurry of law enforcement actions to crack down on the cybercrime ecosystem, but the ransomware-as-a-service (RaaS) model remains profitable, offering affiliates high margins without having to develop and maintain malware themselves.
The financial mechanics of RaaS also lower the barrier to entry for would-be cybercriminals, allowing them to take advantage of the services provided by ransomware developers to launch attacks and keep most of the illicit proceeds for themselves.
Australian and US Authorities Release BianLian Ransomware Warning
The development comes after US and Australian cybersecurity agencies released a joint advisory on the BianLian ransomware, a double-extortion group that has targeted multiple critical infrastructure, professional services, and real estate development sectors since June 2022.
“The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega,” the advisory said.
Earlier this year, Czech cybersecurity company Avast released a free decryption tool for the BianLian ransomware to help malware victims recover their locked files without paying the attackers.
Separately, the Loki Locker ransomware has been found to bear similarities to another locker called BlackBit, which has been observed actively targeting South Korean companies.