The U.S. Charges Russian National for Ransomware Attacks, Including Against D.C. Police
Overview of the Situation
The U.S. Justice Department has unveiled criminal charges against a 30-year-old Russian national, Mikhail Matveev, for orchestrating ransomware attacks, including one that targeted the Washington, D.C., Metropolitan Police Department (MPD) in April 2021. The indictment accuses Matveev of also being involved in successful ransomware attacks against the health care sector and law enforcement agencies in New Jersey. Matveev, based in Kaliningrad, Russia, was charged with transmitting ransom demands, conspiracy to damage protected computers, and intentionally damaging protected computers. He has been indicted in federal district courts in D.C. and New Jersey. The maximum penalty for these charges is 20 years in prison.
The Significance of the Charges
While ransomware attacks carried out by Russian nationals on U.S. targets are nothing new, this particular case stands out because it marks one of the first high-profile indictments against a Russian national for direct responsibility for successful ransomware attacks in the U.S. Moreover, Matveev is believed to be a “central figure” in the development of three variants of ransomware – namely, Hive, LockBit, and Babuk. This places Matveev at the forefront of some of the most prolific ransomware operations in recent years.
Ransomware Operations Carried Out by Matveev
The Babuk variant was used in the successful ransomware attack on the Washington, D.C., MPD in April 2021. This attack gained notoriety because the perpetrators publicly posted documents related to MPD tactics and detailed personnel files on dozens of officers. Hive, another variant of ransomware associated with Matveev, was involved in over 1,500 ransomware incidents across 80 countries. LockBit, a third variant, has collected ransom payments exceeding $75 million from over 1,400 victims since its appearance in 2020.
Russian Ties to Ransomware Attacks
The Treasury’s Financial Crimes Reporting Network reports that roughly 75% of all ransomware attacks that occurred globally in the second half of 2021 were linked to actors in Russia. Matveev has given interviews in Russia claiming credit for some of these incidents, including the MPD attack, and professing his loyalty to the Kremlin. This highlights the connection between ransomware operations carried out by Russian nationals and the Russian government.
Conclusion and Editorial Recommendations
While the indictment heralds a step in the right direction in terms of holding ransomware criminals accountable, the reality is that Matveev is currently out of reach of U.S. law enforcement while in Russia. Therefore, diplomatic efforts must be made to secure Matveev’s extradition to face the charges filed against him. Furthermore, a significant aspect that needs to be highlighted is that ransomware is an increasingly lucrative business. To combat this growing threat effectively, security experts, policymakers, practitioners, and law enforcement agencies must work hand in hand to ensure that ransomware perpetrators no longer find a safe haven in any part of the world. Moreover, organizations must prioritize implementing robust security measures, including backups, to ensure that they can recover from ransomware attacks without having to pay the ransoms, which only fuel this criminal enterprise. Finally, policymakers must enforce penalties and deterrence measures on nations that harbor ransomware gangs and impose sanctions on entities that profit from ransom payments.