The FBI puts a Russian, the creator of the RAMP forum on the dark web, on its wanted list

The US Department of Justice has accused Russian hacker Mikhail Matveev, also known online under the nicknames “Wazawaka”, “Boriscelcin”, “m1x” and “Uhodiransomwar”, of involvement in attacks on critical infrastructure in the United States and other countries and of distributing ransomware, which caused $200 million in damage.

According to the US Department of Justice, Matveev is behind attacks on hospitals, police stations and schools in New Jersey and other US states, as well as abroad. He is accused of participating in the fraudulent groups Lockbit, Babuk and Hive.

At the same time, the US Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions on Mikhail Matveev, according to a statement on the OFAC website. The State Department has announced a $10 million reward for information leading to Matveev's arrest. The FBI put the hacker on its wanted list. He faces up to 20 years in prison in the United States for hacking, conspiracy and intentionally damaging protected computers. According to US federal authorities, Matveev is currently in Russia.

Ransomware is a type of malicious software that blocks access to a system or individual computer until a ransom (hence the name of this type of attack) is paid to the organizer of the attack. In total, according to the US Department of Justice, the groups of which Matveev is an active member tried to extort about $400 million. These groups became most famous in 2021 after the attack on the Washington police. They threatened that if the ransom for unlocking the computers was not paid, they would release the names of informants of the US capital's police.

Another well-known attack by Matveev, along with the DarkSide group, is the blocking of the American oil pipeline Colonial Pipeline in 2021. The cyberattack shut down the pipeline, which carries gasoline, diesel and jet fuel from Texas to New York City, for five days. Retail gasoline prices in the United States then reached a ten-year high as panic began in the market. As a result, the owners of Colonial Pipeline paid a ransom of 75 bitcoins ($4.5 million). However, the FBI managed to confiscate most of the ransom.

Lockbit, Babuk and Hive are among the most active and destructive cybercriminal threats in the world, New Jersey District Attorney Philip Sellinger wrote in an indictment, according to Bloomberg. Matveev, along with other gang members, attacked up to 2,800 victims in the US and around the world, Sellinger said.

The hacker's real name was first revealed in 2022 by American journalist Brian Krebs. Matveev admitted in an interview with The Record in 2022 that he is the person behind the nicknames named by the US government. He noted that he is behind the nickname “Orange”, one of the founders of the RAMP forum, which used to be the largest Russian site for the sale of drugs on the dark web. Lenta.ru wrote that Orange was running RAMP. In recent years, ransomware attacks have been actively sold on the site. “Using ransomware is worse than heroin,” Mikhail Matveev said in an interview in 2022. “It's worse than drug addiction. There is no such money anywhere as there is in ransomware scams. Even Hydra drug dealers don't make that much.”
