The Department of Justice on Tuesday unsealed two indictments charging a Russian national with using ransomware to attack critical U.S. infrastructure.
“[F]rom at least as early as 2020, Mikhail Pavlovich Matveev…allegedly participated in conspiracies to deploy three ransomware variants,” the DOJ said in a statement, specifying those variants as LockBit, Babuk and Hive.
Ransomware is malicious software that perpetrators use to lock up an organization’s computers, disrupt its operations and demand ransom, usually millions of dollars, to unlock the systems. The ransom is almost always demanded in the form of cryptocurrency.
“The perpetrators behind each of these variants, including Matveev, have allegedly used these types of ransomware to attack thousands of victims in the United States and around the world,” the DOJ added. “These victims include law enforcement and other government agencies, hospitals, and schools.”
According to information previously released by the FBI, Hive has been used by cybercriminals to attempt to extort more than 1,300 companies worldwide.
In Tuesday’s announcement, the DOJ said that in total, ransomware demands by criminals using any of the three variants have amounted to as much as $400 million, and victims have paid out roughly half that amount.
Matveev in particular had used ransomware to “attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division.
If convicted on all charges, Matveev could be sentenced to more than 20 years in prison.