Russian citizen wanted in ‘global ransomware campaign’ held hostage police data in DC, New Jersey: DOJ

The Justice Department on Tuesday unsealed two indictments against a Russian citizen over a “global ransomware campaign” that allegedly involved cyberattacks on law enforcement agencies in New Jersey and Washington, DC, as well as on healthcare organizations and victims in other sectors nationwide.

Mikhail Pavlovich Matveev, 30, of Kaliningrad, Russia, is charged with intentionally damaging a protected computer and making threats in connection with a protected computer.

According to the Federal Prosecutor’s Office, the maximum statutory penalty for each crime is ten years in prison.

Using the online nicknames Wazawaka, m1x, Broriscelcin, and Uhodiransomwar from his home base in Russia, Matveev allegedly took part in conspiracies to deploy three ransomware variants, LockBit, Babuk, and Hive, against critical infrastructure around the world, including law enforcement agencies, hospitals, government agencies, schools and victims in other sectors.


The Justice Department estimates that the ransom demands allegedly made by members of these three global ransomware campaigns total as much as $400 million. Ransom payments from victims totaled as much as $200 million, according to the Justice Department.

According to the Treasury Department, Matveev was a central figure in the development and deployment of the ransomware variants Hive, LockBit and Babuk, among others.


“In 2021, Babuk ransomware strains attacked the police department of a major US city. The hackers who infiltrated the police department’s computer network stole home addresses, cell phone numbers, financial records, medical histories and other personal information from police officers, as well as sensitive information about gangs, suspects and witnesses,” the Treasury Department said. “In a public interview, Matveev claimed responsibility for publishing the stolen police data online.”

The Treasury Department’s Office of Foreign Assets Control also announced Tuesday that it was designating Matveev for sanctions over his role in conducting cyberattacks against U.S. law enforcement agencies, businesses and critical infrastructure. The State Department has also announced a reward of up to $10 million for information leading to the arrest of this defendant.


“Matveev is from Russia and hides behind several aliases. Matveev is believed to have used these ransomware strains to encrypt and hold hostage the data of numerous victims for ransom, including hospitals, schools, non-profit organizations and law enforcement agencies such as the Metropolitan Police Department in Washington, DC,” said Philip R. Sellinger, U.S. Attorney for the District of New Jersey, in a statement.

Although Matveev remained a “fugitive from justice” as of Tuesday, Sellinger said the charges shed light on the Russian citizen’s alleged criminal activities, meaning he “is no longer hiding in the shadows” and cannot head to the United States, or travel to another country with which the US has an extradition treaty, without fear of arrest.


According to an indictment, since 2020 Matveev has been an active member of Babuk, a global ransomware campaign that has been among the most active and destructive cybercriminal threats worldwide.

On April 26, 2021, Babuk conspirators deployed ransomware against the Metropolitan Police Department in Washington, DC, and subsequently threatened to release sensitive information to the public unless payment was made. As part of this specific attack, Matveev allegedly intentionally infected the police department’s computer systems with Babuk ransomware, stole data, and then attempted to blackmail the department by threatening to disclose sensitive information unless payment was made.

Matveev is also charged with a series of similar crimes in an indictment filed in the District of New Jersey.

On June 25, 2020, Matveev and his LockBit co-conspirators allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey. On May 27, 2022, Matveev and his Hive co-conspirators allegedly deployed Hive against a behavioral health nonprofit based in Mercer County, New Jersey.

Sellinger said victims generally paid in cryptocurrency.


“We want the charges, sanctions and rewards for Mikhail Matveev to raise alarms among cybercriminals around the world,” Special Agent in Charge James Dennehy of the FBI’s Newark Field Office said in a statement. “The FBI and our law enforcement partners and our international partners are after you.

“These malicious actors believe they can operate with impunity – and are not afraid of being caught because they are based in a country where they feel safe and secure. That may be the case now, but safe haven may not last forever. When we have him, we will do everything in our power to bring Matveev and his ilk to justice.”


The FBI said it is investigating the case with support from international partners in France, Japan, the United Kingdom, Switzerland, the Netherlands, Germany, Spain, Norway and Sweden.
