Home / News

U.S. Targets Russian Mastermind Behind Dominant Ransomware Landscape, Offers $10 Million Reward

Russia-Related Ransomware Variants Relative to Total Ransomware Activity Between July 2021 and December 2021. Source: U.S. Treasury’s Financial Crimes Enforcement Network

The U.S. government has declared criminal charges, economic sanctions, and a $10 million reward for information leading to the arrest of a Russian citizen, Mikhail Matveev. Accused of a series of ransomware attacks, Matveev’s alleged operations, known as Babuk, have targeted entities such as the D.C. police, an airline, and other American industries.

The Treasury Department has banned financial dealings with Matveev, identifying him as a central figure in cyberattacks against U.S. law enforcement, businesses, and critical infrastructure in 2021. Brian E. Nelson, undersecretary of the treasury for terrorism and financial intelligence, stated that the U.S. would not tolerate ransomware attacks and would hold individuals like Matveev accountable for their crimes, The Washington Post reported on Tuesday.

Russian malware domination: Investigations by the Treasury’s Financial Crimes Enforcement Network linked 75% of ransomware incidents reported in the second half of 2021 to Russia or its proxies. Matveev is believed to have played a significant role in this, creating and deploying ransomware variants such as Hive, LockBit, and Babuk. The Hive variant alone targeted more than 1,500 victims across over 80 countries, including hospitals, school districts, financial firms, and other critical infrastructure.

Matveev, also known as Wazawaka, is accused of damaging protected computers and threatening related activities, each charge carrying a penalty of up to 10 years in prison. His illegal activities notably include the deployment of Babuk ransomware against D.C. police in April 2021, resulting in the theft of sensitive data and a subsequent extortion attempt.

The Babuk group surfaced in early 2021, claiming possession of critical information, including identities of confidential informants and gang-related data. Following unsuccessful negotiations, the hackers publicly released stolen documents that could potentially expose confidential information, including suspected gang members and witnesses.

The big picture: The charges against Matveev could serve to deter future offenders, despite the lack of an extradition treaty between the U.S. and Russia. International collaboration among law enforcement agencies is intensifying to identify those behind such cyber attacks, while the U.S. is also employing strategies to sow distrust among criminal gangs and offering rewards to those who turn against their peers. However, nations like Russia, China, North Korea, and Iran may continue to provide a safe haven for these criminals.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix


Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global