Date: 2023-05-16

Treasury Imposes Consequences on Key Ransomware Player

WASHINGTON - Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated Mikhail Matveev (Matveev) for his role in launching cyberattacks on US law enforcement, businesses, and critical infrastructure. Simultaneously, the United States District Courts for the District of New Jersey and the District of Columbia released indictments against Matveev. Additionally, the US State Department announced a reward of up to $10 million for information that leads to Matveev’s arrest and/or conviction under its transnational organized crime rewards program.

“The United States will not tolerate ransomware attacks against our people and our institutions,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Ransomware actors like Matveev will be held accountable for their crimes, and we will continue to use all available authorities and tools to defend against cyber threats.”

The impacts of ransomware attacks are far-reaching, with victims suffering the loss and disclosure of sensitive information and disruption of critical services. Russia is a haven for ransomware actors, allowing cybercriminals like Matveev to openly engage in ransomware attacks against US organizations. According to analysis conducted by the Treasury’s Financial Crimes Enforcement Network (FinCEN), 75% of reported ransomware incidents between July and December 2021 were linked to Russia, its proxies or people acting on its behalf. Russian-linked ransomware variants such as Hive, LockBit, and Babuk, which Matveev helped develop and deploy, have been responsible for millions of dollars in losses for victims in the United States and around the world. The Hive ransomware group alone has targeted more than 1,500 victims in more than 80 countries, including hospitals, school districts, financial companies, and other critical infrastructure.

MIKHAIL MATVEEV: KEY PLAYER IN THE RUSSIAN RANSOMWARE ECOSYSTEM

Matveev played a pivotal role in the development and deployment of ransomware variants Hive, LockBit, and Babuk, among others. In 2021, Babuk ransomware affiliates attacked the police department of a major US city. Hackers who infiltrated the police department’s computer network stole home addresses, mobile phone numbers, financial data, medical histories and other personal details of police officers, as well as sensitive information about gangs, crime suspects and witnesses. In a public interview, Matveev claimed responsibility for the online publication of data stolen from the police.

In addition to attacks on public institutions, Matveev has been linked to ransomware intrusions against numerous US companies, including a US airline.

Matveev talked about his illegal activities. He has provided insight into his cyber crimes in media interviews, leaked exploit code to online criminals and said his illicit activities would be tolerated by local authorities on the condition that he remain loyal to Russia.

OFAC designates Matveev pursuant to Section 1(a)(ii)(C) of Executive Order (EO) 13694, as amended by EO 13757, for being responsible for or complicit in, or participating in, directly or indirectly, cyber activity originating from, or directed by persons located wholly or substantially outside, the United States that is reasonably likely to create, or has materially contributed to, a material threat to the national security, foreign policy, or economic health or financial stability of the United States, and that has the purpose or effect of causing a material disruption in the availability of a computer or computer network.

CONSEQUENCES OF SANCTIONS

As a result of today’s action, all property and interests in property of the designated person that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC regulations generally prohibit all transactions by U.S. persons or within the United States (including transactions transiting through the United States) that involve property or interests in property of designated or blocked persons.

In addition, persons who engage in certain transactions with the person designated today may themselves be exposed to designation.

The power and integrity of sanctions arise not only from OFAC’s ability to designate and add individuals to the Specially Designated Nationals and Blocked Persons (SDN) list, but also from OFAC’s willingness to remove persons from the SDN list in accordance with the law. The ultimate goal of sanctions is not to punish but to bring about a positive change in behavior. For more information on the process for requesting removal from an OFAC list, including the SDN list, please refer to OFAC’s Frequently Asked Question 897. For detailed information on the process for submitting an OFAC sanctions list removal request, please visit the OFAC website.

For more information on the person designated today.

For more information on compliance with virtual currency sanctions, see OFAC Sanctions Compliance Guidance for the Virtual Currency Industry.

