Russian cyber-kingpin attacks NJ: $10M reward for his capture
❌ Russian national ransomware attacker fingered by NJ law enforcement
❌ A huge reward is offered for his arrest and conviction
❌ He targeted police, schools, non-profits, hospitals and businesses in NJ
A $10 million reward is being offered for information that leads to the arrest or conviction of a Russian national cyber kingpin who’s accused of launching thousands of crippling ransomware attacks against critical infrastructure targets in New Jersey, Washington, D.C., and other victims worldwide.
U.S. Attorney for New Jersey Phillip Sellinger said Mikhail Matveev, a dangerous and prolific cyber-criminal believed to be hiding in Russia, has been indicted for using three ransomware variants to attack at least 2,800 victims in the Garden State and around the globe.
“They hacked the computer systems of hospitals, not-for-profits, schools, multiple law enforcement agencies, including one in Passaic County, New Jersey,” he said
He noted small businesses and religious institutions were also targeted by the cyber-crooks.
Which NJ establishments were targeted?
When Sellinger was asked which specific businesses and nonprofits in New Jersey had their information compromised, he said “our practice and the policy of the Department of Justice is not to release the names of victims without their consent.”
He noted no Middlesex County public agency had their computer systems hacked by Matveev but one Mercer County behavioral healthcare organization had been targeted.
Newark Special Agent in Charge Jim Dennehy announced the Prospect Park Police Department in New Jersey as well as the Metropolitan Police Department in Washington, D.C. had been hacked by Matveev’s crew, at some point since 2020.
He said those attacks affected the ability of police to protect members of the public.
“We allege Matveev leaked documents containing information about open investigations, joint operations with federal agencies and sensitive human resources details,” he said.
He was targeting U.S. cops
Dennehy said the suspect was targeting law enforcement.
“Matveev even stated, and I quote, as soon as I have the chance to kick the expletive out of U.S. cops I won’t think twice," he said.
Dennehy said hopefully the proverb "no honor among thieves" will hold true.
“Turning Matveev in for his criminal behavior could benefit someone with a paycheck of up to $10 million.”
Holding data hostage
Sellinger said once Matveev and his co-conspirators were able to gain access to computer systems, they would encrypt the victim’s data and hold it hostage until hundreds of thousands of dollars in ransom payments were received, usually in the form of cryptocurrency.
If victims did not pay the demanded ransom, Sellinger said Matveev would often post their data on a public website, including “bank documents, Social Security numbers, passports, scans of driver’s licenses, and employees persona data.”
He said ransomware victims have collectively paid more than $200 million to get back their stolen information.
He said Matveev used aliases in the attacks but investigators were able to determine he was the mastermind behind them, and now there is a spotlight on him as a wanted criminal.
Serious charges, serious penalties
Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If caught and convicted of the charges, he faces more than 20 years in prison, huge fines and would have to repay his victims.
Sellinger said the indictments will serve to disrupt Matveev’s criminal operations and send a message to other cybercriminals that the United States will pursue anyone who seeks to use technology “to victimize our companies, our citizens and our allies.”
The Russian government does not have an extradition treaty with the United States, so these types of criminals are effectively shielded from arrest and prosecution.