Russian ransomware affiliate charged with attacks on critical infrastructure

The U.S. Justice Department has filed charges against a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for involvement in three ransomware operations that targeted victims across the United States.

Matveev's association with Russia-linked ransomware variants—including Hive, LockBit, and Babuk—has drawn the attention of law enforcement due to their global impact and substantial financial losses.

"Matveev is responsible for multiple ransomware variants as an affiliate and has actively targeted U.S. businesses and critical infrastructure," FBI Special Agent James E. Dennehy said in a press conference today.

"The attacks on critical infrastructure involved two law enforcement agencies, the Prospect Park Police Department, here in New Jersey, and the Metropolitan Police Department in Washington DC."

Mikhail Matveev was also sanctioned by the Department of the Treasury's Office of Foreign Assets Control (OFAC) for launching cyberattacks against U.S. entities, including U.S. critical infrastructure organizations and law enforcement.

"Matveev has been vocal about his illegal activities. He has provided insight into his cybercrimes in media interviews, disclosed exploit code to online criminals, and stated that his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia," OFAC said.

According to a Justice Department press release and unsealed indictments in New Jersey and the District of Columbia, Matveev worked with at least three ransomware gangs in attacks against healthcare and law enforcement organizations:

• In June 2020, Matveev and LockBit coconspirators allegedly deployed LockBit ransomware on the network of a law enforcement agency in Passaic County, New Jersey. 
• In April 2021, the defendant and Babuk ransomware coconspirators allegedly deployed malicious payloads on the systems of the Metropolitan Police Department in Washington, D.C.
• In May 2022, Matveev and Hive ransomware gang members allegedly encrypted the systems of a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. 

The U.S. Department of State has also announced a reward of up to $10 million, under the Transnational Organized Crime Rewards Program (TOCRP), for any information that could lead to the arrest or conviction of Matveev for transnational organized crime.

"The impacts of ransomware attacks are significant and far-reaching, with victims suffering loss and disclosure of sensitive information and disruption of critical services," said U.S. Department of State spokesperson Matthew Miller.

"Russia is a safe haven for cybercriminals, an environment in which ransomware actors are free to conduct malicious cyber operations against the United States and our partners and allies."