May 17, 2023 | Ravi Lakshmanan | Cyber Crime / Ransomware

A Russian man has been charged and indicted by the US Department of Justice (DoJ) for launching a ransomware attack against “thousands of victims” in the country and around the world.

Mikhail Pavlovich Matveev (aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar), the 30-year-old individual in question, is alleged to have been a “lead man” in the development and deployment of the LockBit, Babuk, and Hive ransomware variants since at least June 2020.

“These victims include law enforcement and other government agencies, hospitals and schools,” the Justice Department said. “The members of these three global ransomware campaigns allegedly made ransom demands against victims amounting to $400 million, while victims paid ransoms totaling $200 million.”

LockBit, Babuk, and Hive operate in a similar fashion, leveraging illegally obtained access to steal valuable data and deploy ransomware on compromised networks. The attackers also threaten to publish the stolen information on data leak sites in order to pressure victims into paying the ransom.


Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, which is unlikely, he faces more than 20 years in prison.

The U.S. State Department also announced a reward of up to $10 million for information leading to Matveev’s arrest and/or conviction.

Separately, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against the defendant, saying that “as long as he remains loyal to Russia, his misconduct will be tolerated by local authorities.”

According to cybersecurity journalist Brian Krebs, one of Matveev’s alter egos was “Orange,” a handle the defendant used to establish the now-defunct Russian Anonymous Marketplace (aka RAMP) darknet forum.

Recent years have seen a flurry of law enforcement action to crack down on the cybercrime ecosystem, but the ransomware-as-a-service (RaaS) model remains profitable, offering affiliates high margins without having to develop and maintain the malware themselves.

The financial mechanics of RaaS also lower the barrier to entry for would-be cybercriminals, who can use the services provided by ransomware developers to launch attacks and keep most of the illicit proceeds for themselves.

Australian and US Authorities Release BianLian Ransomware Warning

The move comes after US and Australian cybersecurity agencies released a joint advisory on the BianLian ransomware, a double extortion group that has targeted critical infrastructure, professional services, and real estate development organizations since June 2022.


“This group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open source tools and command-line scripts for discovery and credential harvesting, and exfiltrates the victim’s data via File Transfer Protocol (FTP), Rclone, or Mega,” the advisory says.
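The advisory's description of BianLian tradecraft (a valid-credential RDP logon followed by exfiltration with Rclone, MEGA tooling, or FTP) maps directly onto two log sources most Windows estates already collect: logon events (4624, logon type 10 for RDP) and process-creation events (4688). The example below is added here and is not part of the advisory or the article; it implements that correlation as a small detection over constructed log lines in a simplified key=value format. The sample host names, users, the 203.0.113.0/24 source address, and the four-hour correlation window are all constructed assumptions.

```python
"""Detect RDP access followed by exfiltration tooling, a pattern described in
the BianLian advisory. Added example; log lines below are constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified key=value format (not a real SIEM export).
SAMPLE_LOGS = [
    r'ts=2023-05-16T01:02:03 host=FS01 event=4624 logon_type=10 user=CORP\jdoe src_ip=203.0.113.7',
    r'ts=2023-05-16T01:05:10 host=FS01 event=4688 user=CORP\jdoe image=C:\Users\jdoe\rclone.exe cmdline="rclone.exe copy D:\Finance mega:loot --transfers 8"',
    r'ts=2023-05-16T09:00:00 host=WS22 event=4624 logon_type=10 user=CORP\admin src_ip=10.0.5.20',
    r'ts=2023-05-16T09:30:00 host=WS22 event=4688 user=CORP\admin image=C:\Windows\System32\notepad.exe cmdline="notepad.exe"',
    r'ts=2023-05-16T11:00:00 host=DB07 event=4688 user=CORP\svc_backup image=C:\Tools\MEGAcmd\mega-put.exe cmdline="mega-put.exe C:\backups\db.bak /exfil"',
    r'ts=2023-05-16T11:01:00 host=DB07 event=4624 logon_type=3 user=CORP\svc_backup src_ip=10.0.0.9',
]

# Assumed internal address space; RDP logons from anywhere else are treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Executable name prefixes for the exfiltration tools named in the advisory. Name-based
# matching is a starting point only: a renamed binary evades it, so pair it with hash
# or signer checks in production.
EXFIL_TOOL_RE = re.compile(r"^(rclone|mega|ftp)", re.IGNORECASE)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
CORRELATION_WINDOW = timedelta(hours=4)  # assumed window between RDP logon and tool launch


def parse_line(line):
    """Parse one key=value log line into a dict; quoted values have quotes stripped."""
    rec = {}
    for key, raw in KV_RE.findall(line):
        rec[key] = raw[1:-1] if raw.startswith('"') else raw
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect(lines):
    """Return findings for external RDP logons, exfil tool launches, and the
    higher-severity combination of an RDP logon followed by a tool launch on the same host."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    findings = []
    rdp_logons = defaultdict(list)  # host -> RDP logon events seen so far
    for ev in events:
        if ev["event"] == "4624" and ev.get("logon_type") == "10":
            rdp_logons[ev["host"]].append(ev)
            if is_external(ev["src_ip"]):
                findings.append({"rule": "rdp_from_external", "host": ev["host"],
                                 "user": ev["user"], "src_ip": ev["src_ip"], "severity": "medium"})
        elif ev["event"] == "4688":
            image = ev["image"].rsplit("\\", 1)[-1]
            if not EXFIL_TOOL_RE.search(image):
                continue
            finding = {"rule": "exfil_tool_execution", "host": ev["host"], "user": ev["user"],
                       "tool": image, "cmdline": ev.get("cmdline", ""), "severity": "medium"}
            # Escalate when an RDP logon on the same host precedes the tool within the window.
            prior = [r for r in rdp_logons[ev["host"]] if ev["ts"] - r["ts"] <= CORRELATION_WINDOW]
            if prior:
                finding.update(rule="rdp_then_exfil_tool", severity="high",
                               rdp_user=prior[-1]["user"], rdp_src_ip=prior[-1]["src_ip"])
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOGS):
        print(f"[{f['severity']}] {f['rule']} on {f['host']}: {f}")
```

On the constructed input this yields three findings: the external RDP logon on FS01, the high-severity rclone launch on FS01 three minutes after it, and a stand-alone MEGAcmd launch on DB07 with no preceding RDP logon. The DB07 logon is type 3 (network), so it is correctly ignored as an RDP indicator.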

Earlier this year, Czech cybersecurity company Avast released a free decryption tool for the BianLian ransomware to help malware victims recover their locked files without paying the attackers.

The advisory also follows a report on the LokiLocker ransomware, which bears similarities to another locker called BlackBit that has been observed actively targeting South Korean companies.
