A Russian national has been charged and indicted by the U.S. Department of Justice (DoJ) for launching ransomware attacks against "thousands of victims" in the country and across the world. The culprit in question is Mikhail Pavlovich Matveev, a 30-year-old individual allegedly involved in the development and deployment of LockBit, Babuk, and Hive ransomware variants since at least June 2020. These ransomware campaigns are said to have targeted law enforcement and government agencies, hospitals, and schools, with total ransom demands made by the perpetrators amounting to as much as $400 million, while total victim ransom payments amount to as much as $200 million.
Despite authorities' efforts to crack down on cybercrime, the ransomware-as-a-service (RaaS) model continues to be lucrative, offering high-profit margins for affiliates without having to develop and maintain the malware themselves. It's unfortunate that even with these efforts, cybercrime still continues to be a profitable venture.
On a related note, the U.S. and Australian cybersecurity agencies recently released a joint advisory on the BianLian ransomware, which has targeted several critical infrastructure, professional services, and property development sectors since June 2022. The group has gained access to victim systems through valid Remote Desktop Protocol (RDP) credentials, using open-source tools and command-line scripting for discovery and credential harvesting.
Victims' data is then exfiltrated via File Transfer Protocol (FTP), Rclone, or Mega. Victims of the malware can use a free decryptor offered by Czech cybersecurity firm Avast to recover locked files without having to pay the threat actors. Another ransomware strain called LokiLocker is also being monitored. The locker shares similarities with another called BlackBit and has been observed actively targeting entities in South Korea. We urge our readers to stay vigilant and take the necessary precautions to prevent ransomware attacks.