OFAC Sanctions Russian Cybercriminal

Washington, D.C. (June 9, 2023) – On May 16, 2023, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Russian national Mikhail Matveev for his role in launching cyberattacks on U.S. law enforcement, businesses, and critical infrastructure. In addition to his placement on OFAC’s Specially Designated Nationals (SDN) list, District Courts in New Jersey and the District of Columbia have unsealed several indictments against Matveev, and the Department of Justice announced that it is offering a $10 million reward for any information that leads to his arrest or conviction.

Matveev’s designation was made pursuant to section 1(a)(ii)(C) of Executive Order (E.O.) 13694, as amended by E.O. 13757, which blocks all property and interests in property within the U.S., or in possession or control of any U.S. person, of any person determined to be responsible for or complicit in, or having engaged in, directly or indirectly, a cyber-enabled activity originating from, or directed by persons located, in whole or in substantial part, outside the U.S. that is reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the U.S. and that has the purpose or effect of causing a significant disruption to the availability of a computer or network of computers.

Matveev is associated with the development of several ransomware variants, including the strain known as Babuk that was used to attack the Washington, D.C. Metropolitan Police Department in 2021. Matveev then threatened to sell access to the stolen addresses, cell numbers, and financial data of police officers, as well as information about gangs, suspects, and witnesses if the ransom was not paid. Other ransomware strains linked to Matveev include LockBit, which was used to extort a law enforcement agency in Passaic County, New Jersey, and Hive which was deployed against a healthcare organization in Mercer County, New Jersey.

In total, Matveev and his coconspirators have allegedly received over $200 million in ransom payments since 2020. Matveev has been vocal about his illicit activities, claiming responsibility for his actions in interviews with trade press blogs and even allegedly stating that his activities will be tolerated by Russian authorities so long as he remains loyal to Russia.

It appears that OFAC is ready to ramp up its sanctions against ransomware actors in Russia, stating in its press release that Russia is a “haven” to individuals like Matveev, enabling cybercriminals to engage openly in ransomware attacks against U.S. organizations.

Lewis Brisbois is experienced in advising clients on managing legal and business risks as events continue to develop. For more information, contact the author or editors of this alert. Visit our Ukraine Conflict Response Practice page for additional alerts.

Author:

Rebecca Stoddard, Associate

Editors:

Jane C. Luxton, Managing Partner - Washington, D.C.

Andrew Pidgirsky, Partner

Kamran Salour, Partner

Robert F. Walker, Partner