United States Sanctions and Charges Russia-based Ransomware Developer Mikhail Matveev

On May 16, 2023, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Mikhail Matveev, a Russian national associated with the development and spread of several ransomware strains. Ransomware attacks associated with Matveev’s strains are estimated to have cost victims as much as $200 million. Concurrently, the Department of Justice (DOJ) indicted Matveev on several charges, and is offering a reward of up to $10 million for information that leads to Matveev’s arrest or conviction. 

Who is Mikhail Matveev?

Mikhail Matveev is a Russian national who gained notoriety for his role in developing the Babuk ransomware strain and its RaaS affiliate program. He also had a role in deploying the LockBit and Hive ransomware strains against victims. Matveev carried out this activity mostly under monikers he used on various cybercriminal forums, including “Wazawaka,” “Boriselcin,” and “Uhodiransomwar.” Additionally, Matveev acted as an initial access broker, meaning he sold access to computer networks compromised via vulnerabilities he identified. In 2021, Matveev launched a particularly notable ransomware attack against the Washington, D.C. Metropolitan Police using the Babuk strain, threatening to leak the personal information of department staff if the ransom wasn’t paid. Matveev and strains associated with him have also been implicated in attacks on critical infrastructure including hospitals, school districts, and financial services firms.

Matveev is notably brazen about his ransomware activity. As noted in the DOJ press release on this indictment, Matveev has conducted several interviews, boasting about his ransomware exploits and stating in one interview that “There is no such money anywhere as there is in ransomware.” 

Always watch out for on-chain sanctions exposure

OFAC’s Specially Designated Nationals (SDN) list entry for Matveev doesn’t currently include any cryptocurrency addresses. However, any addresses Chainalysis identifies as related to Matveev will be labeled accordingly. We commend OFAC and the DOJ for today’s action, and will continue to do our part in the fight against ransomware.

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.

Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.