Alleged Russian Hacker Charged in $200 Million Ransomware Spree

A Russian man was charged by US authorities in connection with his alleged role with multiple ransomware gangs that attacked hospitals, schools and police departments. From a report: Mikhail Pavlovich Matveev, who was known online as Wazawaka, was an active member of three ransomware gangs that collectively demanded $400 million from victims and received nearly $200 million in ransom payments, according to the Department of Justice. Ransomware groups typically hack into computer networks and deploy malicious software that encrypts computers and makes them unusable. The groups demand extortion payments in cryptocurrency and threaten to leak stolen data online if the ransom is not paid.

Matveev was allegedly a member of the Lockbit, Babuk and Hive ransomware gangs. Those groups are "ranked among the most active and destructive cybercriminal threats in the world," Philip Sellinger, the US attorney for the district of New Jersey, wrote in an indictment. Matveev, along with other members of the ransomware gangs, attacked as many as 2,800 victims in the US and around the world, Sellinger wrote. The alleged victims include the Metropolitan Police Department in the District of Columbia, which was attacked with ransomware in 2021. The hackers proceeded to publish dozens of stolen personnel files. The groups also targeted churches and nonprofits, the Department of Justice said.

Just this morning...

[Jerry Rivers]

...I received a bogus ransomware email on my corporate account demanding $1600 in Bitcoin or it will release a compromising video of me pleasuring myself.
The email is real enough, but the claims it makes are bogus. First, I don't pleasure myself or surf porn at the office, and second, I use a Mac 95% of the time. When I do use Windows, which is relatively rarely, it's only for server administration, never for browsing or downloading. Third, we are compelled (which is a very good thing) to use Symantec Endp

Re:

[test321]

What is connection with your operating system? Did the email mention it?

Re:

[Jerry Rivers]

I didn't give all the details, but yes, it implied I was using a Windows box.

Re:

[ls671]

Welcome to the real world! Most of us here must have seen that email at least 2 dozen times! :)

Re:

[Jerry Rivers]

If being "a member of the real world" requires receiving ransom emails, I'll happily divorce myself reality.

I ignore 100% of this crap on my personal accounts, but it's hard to ignore on my corporate email, which I am required to forward to Infosec.

Re:

[ls671]

Not sure if these types of emails even qualify as ransom email, certainly not ransomware. Also, I guess the people sending those emails have no respect for the "corporate" flag set on that email account of yours. Report them if you must but infosec isn't going to do anything about them apart from re-issuing normal guidance about the proper way to handle emails.

Re:

[KiloByte]

use Symantec Endpoint Protection

And here's how you got pwned. Finding its own holes is hard, that's why malware likes to abuse other malware which already got there first.

I received a bogus ransomware email on my corporate account demanding $1600 in Bitcoin or it will release a compromising video of me pleasuring myself.

Where have you been the past decade? That's one of most common spam themes these days.

If he is in Russia

[FudRucker]

I doubt Putin will cooperate with the US justice system

Re:

[DrMrLordX]

Nah he's probably already on the Kremlin payroll somehow. They wouldn't conscript an asset like him.

- who, what, where ? -

[swell]

So an anonymous US authority filed some charges. Well that's darn near informative!

And where is this man being held? On what charges? By whom? Oh? He's not arrested? He's in some country from which he can't be extradited?

Even for Slashdot this Summary is extremely vague.

Better version:

[Gibgezr]

https://timesofmalta.com/artic... [timesofmalta.com]
Here's a much better, succinct and fact-filled version. He's been charged but not arrested, and they are offering 10 mil for information leading to his arrest. He is assumed to be currently in Russia it seems.

Re:

[Beerismydad]

Just promulgate the guy's image, information, and reward details as broadly as possible inside the known criminal networks and around Ukraine. Once the Russian government collapses upon itself in a a couple of years, this guy will be delivered. There is no honor among thieves, and there will be a great deal of cross-border vigilante justice being visited upon Russians by Ukrainians.