(Bloomberg) -- A Russian man was charged by US authorities in connection with his alleged role with multiple ransomware gangs that attacked hospitals, schools and police departments.
Mikhail Pavlovich Matveev, who was known online as Wazawaka, was an active member of three ransomware gangs that collectively demanded $400 million from victims and received nearly $200 million in ransom payments, according to the Department of Justice.
Ransomware groups typically hack into computer networks and deploy malicious software that encrypts computers and makes them unusable. The groups demand extortion payments in cryptocurrency and threaten to leak stolen data online if the ransom is not paid.
Matveev was allegedly a member of the Lockbit, Babuk and Hive ransomware gangs. Those groups are “ranked among the most active and destructive cybercriminal threats in the world,” Philip Sellinger, the US attorney for the district of New Jersey, wrote in an indictment. Matveev, along with other members of the ransomware gangs, attacked as many as 2,800 victims in the US and around the world, Sellinger wrote.
The alleged victims include the Metropolitan Police Department in the District of Columbia, which was attacked with ransomware in 2021. The hackers proceeded to publish dozens of stolen personnel files.
The groups also targeted churches and nonprofits, the Department of Justice said.
Matveev’s identity was previously revealed by cybersecurity journalist Brian Krebs in January 2022. At the time, Krebs reported that Matveev had claimed affiliation with the Darkside ransomware group, which claimed responsibility for the attack on Colonial Pipeline Co. in May 2021.
“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division.
In addition the the indictment, Matveev was sanctioned by US Department of the Treasury’s Office of Foreign Assets Control “for his role in launching ransomware attacks against US law enforcement, businesses, and critical infrastructure,” the Department of Justice said in a press release.
©2023 Bloomberg L.P.