Russian National Faces Charges for Multi-Million Dollar Ransomware Attacks on U.S. Critical Infrastructure

NEWARK, N.J. - In a significant blow to international cybercrime, the Justice Department has unsealed two indictments against a Russian national. The charges relate to a series of damaging ransomware attacks against victims across the United States, including law enforcement agencies in New Jersey and Washington, D.C., as well as entities in healthcare and various other sectors nationwide.

The individual, identified as Mikhail Pavlovich Matveev, is alleged to have operated under several aliases from his home base in Russia. He has been implicated in deploying three different ransomware variants - LockBit, Babuk, and Hive - to encrypt and hold hostage for ransom the data of numerous victims.

"Matveev no longer hides in the shadows ­– we have publicly identified his criminal acts and charged him with multiple federal crimes," declared Philip R. Sellinger, U.S. Attorney for the District of New Jersey. "Let today’s charges be a reminder to cybercriminals everywhere ­– my office is devoted to combatting cybercrime and will spare no resources in bringing to justice those who use ransomware attacks to target victims."

Among the targeted entities were hospitals, schools, nonprofits, and law enforcement agencies, including the Metropolitan Police Department in Washington, D.C. The total ransom demands made by the perpetrators behind these ransomware campaigns are believed to amount to as much as $400 million, with victim ransom payments reaching as much as $200 million.

In specific instances, Matveev and his co-conspirators allegedly deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey, in June 2020; Hive against a nonprofit behavioral healthcare organization in Mercer County, New Jersey, in May 2022; and Babuk against the Metropolitan Police Department in Washington, D.C., in April 2021.

These ransomware attacks have wreaked havoc on essential services and institutions. 

"Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public," stated U.S. Attorney Matthew M. Graves for the District of Columbia.

In response to these cybercrimes, the FBI Newark Field Office’s Cyber Crimes Task Force is leading an investigation, with international support from various law enforcement agencies in Europe and Japan.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced a designation against Matveev for his role in these cyberattacks, while the Department of State is offering an award of up to $10 million for information leading to Matveev's apprehension.

Victims of the LockBit, Babuk, and Hive ransomware variants are encouraged to contact their local FBI field office. For additional information on ransomware, please visit www.StopRansomware.gov .

The charges against Matveev include conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces over 20 years in prison.

These indictments mark a significant step forward in the fight against international cybercrime. The charges send a clear message to cybercriminals worldwide that they cannot act with impunity, and that the arm of justice will reach them, no matter where they operate from.

For updates, subscribe to our free newsletter!

Support your local news!