U.S. Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
Source: www.thehackernews.com


A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against "thousands of victims" in the country and across the world.

Mikhail Pavlovich Matveev (aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar), the 30-year-old individual in question, is alleged to be a "central figure" in the development and deployment of LockBit, Babuk, and Hive ransomware variants since at least June 2020.

"These victims include law enforcement and other government agencies, hospitals, and schools," DoJ said. "Total ransom demands allegedly made by the members of these three global ransomware campaigns to their victims amount to as much as $400 million, while total victim ransom payments amount to as much as $200 million."

LockBit, Babuk, and Hive operate alike, leveraging unlawfully obtained access to exfiltrate valuable data and deploy ransomware on compromised networks. The threat actors also threaten to publicize the stolen information on a data leak site in an attempt to negotiate a ransom amount with victims.

Matveev has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, which is unlikely, he faces over 20 years in prison.

The U.S. State Department has also announced an award of up to $10 million for information that leads to the arrest and/or conviction of Matveev.

Separately, the Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against the defendant, stating "his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia."

According to cybersecurity journalist Brian Krebs, one of Matveev's alter egos included Orange, which the defendant used to establish the now-defunct Russian Anonymous Marketplace (aka RAMP) darknet forum.

Despite the flurry of law enforcement actions to crack down on the cybercrime ecosystem in recent years, the ransomware-as-a-service (RaaS) model continues to be a lucrative one, offering affiliates high-profit margins without having to develop and maintain the malware themselves.

The financial mechanics associated with RaaS have also lowered the barrier to entry for aspiring cybercriminals, who can avail themselves of the services offered by the ransomware developers to mount the attacks and pocket the lion's share of the illicit profits.

Australian and U.S. authorities release BianLian ransomware alert

The development comes as U.S. and Australian cybersecurity agencies released a joint advisory on BianLian ransomware, a double extortion group that has targeted several critical infrastructure, professional services, and property development sectors since June 2022.

"The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega," according to the advisory.

Czech cybersecurity firm Avast, earlier this year, published a free decryptor for BianLian ransomware to help victims of the malware recover locked files without having to pay the threat actors.

The security bulletin also arrives amid the emergence of a new ransomware strain dubbed LokiLocker that shares similarities with another locker called BlackBit and has been observed actively targeting entities in South Korea.
