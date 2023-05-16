Listen 2 min Comment on this story Comment Gift Article Share

U.S. authorities announced criminal charges, economic sanctions and a $10 million reward Tuesday for information leading to the arrest of a Russian man accused of participating in a global ransomware campaign called Babuk, whose victims included the D.C. police department. Wp Get the full experience. Choose your plan ArrowRight The Department of the Treasury imposed an economic ban on financial dealings with Mikhail Matveev, calling him a central figure in launching cyberattacks against U.S. law enforcement, businesses and critical infrastructure in 2021.

“The United States will not tolerate ransomware attacks against our people and our institutions,” said Brian E. Nelson, undersecretary of the Treasury for Terrorism and Financial Intelligence. “Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyberthreats.”

According to analysis conducted by Treasury’s Financial Crimes Enforcement Network (FinCEN), 75 percent of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies or people acting on its behalf. Matveev helped develop and deploy Russia-linked ransomware variants such as Hive, LockBit and Babuk, with Hive alone targeting more than 1,500 victims in more than 80 countries, the Treasury Department said. The attack targeted hospitals, school districts, financial firms and other critical infrastructure, the department said.

In Washington, a newly unsealed indictment alleged that Matveev, 30, of Kaliningrad, Russia, using the online monikers Wazawaka, m1x, Broriscelcin and Uhodiransomwar, committed intentional damage to a protected computer and threats relating to a protected computer. Each charge is punishable by up to 10 years in prison. Matveev was charged with a series of similar crimes in a federal indictment in New Jersey.

“Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public,” Matthew Graves, U.S. attorney for D.C., said in a statement with James Dennehy, FBI Newark Special Agent in Charge. “Thanks to exceptional work by our partners here, we identified and charged this culprit.”

According to the indictment, Babuk conspirators deployed Babuk ransomware against D.C. police on April 26, 2021, infecting department computer systems, stealing data and extorting the police agency, threatening disclosure of sensitive information unless payment was made, causing at least $5,000 in losses.

