Help The DoJ Find This Russian Ransomware Hacker And You Could Score A $10M Bounty

The Justice Department has issued a warrant for a hacker accused of participating in conspiracies to deploy three ransomware variants, and anyone who helps nab him could get a reward of up to $10 million. The alleged ransomware attacks were against law enforcement agencies in Washington D.C., New Jersey, and others worldwide.

The U.S. Department of Justice wants help capturing Mikhail Pavlovich Mateev. The Russian national is said to have participated in deploying ransomware variants known as LockBit, Babuk, and Hive while transmitting ransom demands with each. Mateev is part of a group that has allegedly launched ransomware attacks against thousands of victims in the United States, including law enforcement agencies, hospitals, and schools that began in early 2020.

"From his home base in Russia, Mateev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors," noted Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department's Criminal Division. "These international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem."

According to a Justice Department press release, the LockBit ransomware variant first showed up around January 2020. The actors are said to have executed the ransomware in over 1,400 attacks worldwide, while issuing over $100 million in ransom demands and receiving over $75 million in ransom payments.

The Babuk variant was used in over 65 attacks worldwide, issuing demands of over $49 million with payments received totaling as much as $13 million. The Hive attacks had more than 1,400 victims around the world, and garnered as much as $120 million in payments.

All three variants were launched in a similar manner. First, the actors would identify and unlawfully access vulnerable computer systems. Second, they would deploy the ransomware variant within the victim's computer systems, allowing the perpetrators to encrypt and steal data. Then, the actors would send a ransom note to the victim(s) demanding payment in exchange for decrypting the victim's data or it would be shared publicly. Finally, payment would be negotiated with each victim, or if the victim would not pay, the data they stole would most often be posted on a public website.

Mateev is known by several different aliases, including Wazawaka, m1X, Boriselcin, and Uhodiransomwar. The Department of State has announced an award of up to $10 million for any information that leads to the arrest and/or conviction of Mateev. Information that might be eligible for the award should be submitted at tips.fbi.gov.

Assistant Director Bryan Vondran of the FBI's Cyber Division added, "The FBI is steadfast in our commitment to disrupting cybercriminals like Mateev. The FBI will continue to impose costs on cyber adversaries through our joint collaboration with our private sector and international partners, and will not tolerate these criminal acts against American citizens."