This hacker has a $10 million bounty on his head – that’s what we know about him

The United States has filed charges against a Russian hacker for digital attacks against US government agencies and citizens. The wanted person belonged to the notorious Russian language ransomware syndicate Babuk (more on that below).

The US State Department has offered a reward of up to $10 million for information leading to the arrest of Mikhail Matveyev. He is on the FBI’s list of “Most Wanted” cybercriminals.

What exactly is he accused of?

Matveyev, who lives in Russia, allegedly used ransomware attacks to make ransom demands on law enforcement and other government institutions, as well as hospitals and schools, the Justice Department said on Tuesday. The lawsuits have been published in the US state of New Jersey and the District of Columbia.

There are thousands of victims in total, including civilians in the US and other parts of the world – Matveyev has demanded $400 million from his victims, 200 million was paid.

The US Treasury Department has issued a ban on financial transactions with Matveyev, calling him a key figure in launching cyberattacks against US law enforcement agencies, businesses and critical infrastructure in 2021.

The Metropolitan Police Department in the US capital Washington DC had refused to comply with Babuk’s demands for extortion. The hackers then leaked 250 gigabytes (GB) of confidential data, which reportedly included hundreds of police files and intelligence reports involving other agencies such as the FBI and Secret Service.

What made Babuk so dangerous?

The cybercriminals are no longer active under the group name Babuk, the last entry on their dark web leak site dates from 2021. In the same year, the source code of their malware was also leaked.

The leaked code was especially attractive to hackers because they could use it to create their own versions to attack Linux-based systems in addition to Windows.

Last week, IT security researchers published a study showing that nearly a dozen other criminal groups have developed their own malware based on the Babuk ransomware. Among other things, this can be used to attack ESXi servers, which are especially popular with large companies and corporations.

SentinelLabs experts found overlaps between the leaked Babuk source code and attack tools from several surviving ransomware groups such as Conti, Play, and Ransom House – responsible for some of the most devastating cyberattacks in the past two years. The ransomware gang Play is also behind the hacking of Swiss media company CH Media (which Watson owns).

On the other hand, other well-known ransomware gangs such as ALPHV, BlackBasta, Hive and Lockbit are said to have developed their own attack tools for Linux systems.

Will Russia extradite the wanted person?

The chances of Matveyev seeing the inside of a US courtroom are slim, CNN reports. When asked for comment by journalists on Twitter, the wanted man responded with a video of a Russian man repeating the phrase “I don’t give f*** at all”.

The US and Russia have no extradition treaty, and any faint hope of Russian help in capturing wanted hackers has been faded by Russia’s all-out war against Ukraine.

According to research by independent security researchers, Matveyev lives in the Russian enclave of Kaliningrad and regularly visits the Russian city of St. Petersburg.

In ransomware attacks, the attackers penetrate the computer networks of private companies and government organizations, steal data and eventually take control of the hacked systems. Valuable files are then usually encrypted and only made accessible again after payment of a ransom. There are also frequent threats of publishing stolen data.

Sources

With material from the Keystone-SDA news agency

(dsc)