$200M Crypto Ransomware Attack on US Infrastructure Leads to Russian Hacker's Arrest

The US Department of Justice has charged a Russian national, Mikhail Pavlovich Matveev, with carrying out a crypto ransomware scheme that targeted the infrastructure of the United States. According to the indictment obtained from the District of New Jersey, Matveev, who used the online alias Wazawaka, participated in three distinct ransomware organizations that collectively demanded $400 million in cryptocurrency from their victims.

The attack targeted numerous people throughout the United States, including law enforcement agencies in Washington, D.C. and New Jersey, as well as individuals in the healthcare industry and other sectors across the nation.

About the Russian Hacker

The perpetrator of the cyber assault went by multiple pseudonyms, such as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, but his true identity was Mikhail Pavlovich Matveev. The attack occurred in 2020 and involved a blend of LockBit, Babuk, and Hive ransomware. After the attack, Matveev demanded a ransom of $400 million and succeeded in absconding with $200 million.

Matveev is a well-known and controversial figure in the cybercrime world. In 2022, his every move was extensively covered by news outlets as he shared exploit code and stirred up reactions from scholars and journalists. As a result, publishers began circulating selfies and videos associated with Matveev.

Matveev had a reputation for frequently posting online about the attacks. His tactics appeared to be in direct contrast to the cautious approach taken by other ransomware groups in response to heightened scrutiny. His irresponsible behavior has finally resulted in consequences, as law enforcement has recently taken action against him.

Increasing Russian Cyber Attacks

Recent data revealed that Russia-linked hackers garnered the majority of ransomware attack profits in 2021, amounting to 74%. Cybercriminals with strong ties to Russia received more than $400 million in cryptocurrency payments. The US Treasury has warned cryptocurrency companies about the cybersecurity risk posed by Russia.

Russian cybercriminals have also been using cryptocurrency to evade sanctions in the ongoing conflict with Ukraine. In February 2023, a Russian national admitted to laundering money and hiding the source of funds obtained from Ryuk ransomware attacks.