Russian national Mikhail Matveev, accused of operating as an affiliate for multiple ransomware groups, including LockBit, Babuk, and Hive, has been indicted on charges related to ransomware attacks.
The indictments highlight the focus of law enforcement on individual hackers responsible for directly hacking into victims’ networks and extorting them with ransomware. Matveev’s involvement in the Babuk ransomware attack, which allegedly caused a Dutch cheese shortage in April 2021, gained attention. The attack targeted Bakker Logistiek, a major logistics provider in the Netherlands, disrupting supply chains and leaving supermarket cheese counters empty.
The Babuk ransomware group faced internal challenges due to a malfunctioning decryptor, which left encrypted data unrecoverable and triggered an internal dispute. Matveev blamed a third-party developer for the failure, claiming that the data of two companies was destroyed and that the victims had been scammed.
The failure of the decryptor was seen as a factor contributing to the downfall of Babuk. Matveev’s involvement in the attack against Bakker Logistiek was revealed through an interview, prompting the authorities to investigate.
Following the Babuk attack, a new ransomware operation called Groove emerged, allowing affiliates to take control of ransomware attacks. Affiliates could choose the most suitable ransomware for their victims instead of following instructions from ransomware-as-a-service operators. The experiment with Groove ended shortly after it began, with the founders claiming it was intended to “troll” Western media.
The indictments against Matveev demonstrate that law enforcement is targeting not only the leaders of major ransomware groups but also the affiliates involved, serving as a warning that participating in ransomware attacks comes with consequences.
While it remains uncertain whether Matveev will face charges in a U.S. court as he is a Russian citizen, the indictments signify a shift in focus from the top operators to individual hackers involved in ransomware attacks. The move aims to hold all participants accountable, including affiliates who play a crucial role in carrying out these cybercrimes.
The indictments serve as a clear warning that engaging in ransomware activities may lead to identification, indictment, and arrest, emphasizing the consequences that hackers could face for their actions.