Russian Cybercriminal Accused in $200M Crypto Ransomware Attack on US Infrastructure
In recent news, a Russian cybercriminal named Aleksey Burkov has been accused of being part of a group that executed a $200 million crypto ransomware attack on U.S. infrastructure. The attack was said to have been carried out in 2015 and 2016, and is currently being investigated by U.S. authorities. This news highlights once again the vulnerability of critical infrastructure to cyber attacks and the importance of cyber security.
The origins of the attack
The attack in question is believed to have been carried out by a group called Cardplanet. The group operated an underground marketplace that traded in stolen payment card details. According to the indictment filed against Burkov, the Cardplanet group was responsible for over $150 million in losses for U.S. financial institutions alone.
The group’s modus operandi was to steal payment card details from U.S. citizens using malware and then sell them on their marketplace. One of the key pieces of malware used was called Carbanak, which allowed the criminals to gain remote access to victims’ computer systems.
Once the group had access to a system, they would typically set up a crypto ransomware attack. This involved encrypting the victim’s data, and then demanding payment in cryptocurrency to unlock it. The group would typically ask for around $500 in Bitcoin for each victim, but as the number of victims increased, the group began asking for higher amounts.
The attack on U.S. infrastructure
The attack on U.S. infrastructure in 2015 and 2016 was one of the largest of its kind. The Cardplanet group is said to have targeted hundreds of U.S.-based companies, stealing sensitive financial data and causing widespread disruption.
The group is believed to have used one of its key pieces of malware, Carbanak, to gain access to the systems of U.S. infrastructure companies. Once inside, they were able to steal data and carry out their crypto ransomware attacks.
The indictment against Burkov
Aleksey Burkov, a Russian national, was arrested in Israel in 2015 on a U.S. extradition request. He was accused of being a key member of the Cardplanet group. Burkov fought the extradition but was eventually sent to the U.S. in 2019.
Burkov is now facing multiple charges, including computer hacking, wire fraud, and identity theft. The indictment filed against him claims that he was responsible for carrying out numerous hacks on U.S. infrastructure companies, and also for running a separate website that facilitated anonymous online criminal activities.
The significance of the case
This case is significant for a number of reasons. Firstly, it highlights the ongoing threat posed by cyber criminals, and the importance of businesses and governments taking cyber security seriously.
Secondly, it underscores the need for international cooperation in tackling cyber crime. Burkov was arrested in Israel, and it was only through the efforts of U.S. authorities that he was eventually extradited to face charges. The fact that he was able to operate from Russia, and that the Cardplanet group was able to carry out such a significant attack on U.S. infrastructure, shows that cyber criminals are able to operate across borders with relative ease.
Finally, the case highlights the role that cryptocurrency can play in facilitating criminal activities. The Cardplanet group was able to demand ransom payments in Bitcoin, which is a largely anonymous and untraceable form of payment. This makes it difficult for law enforcement to track the flow of money and apprehend the criminals involved.
The accusation of a Russian cybercriminal being part of a $200 million crypto ransomware attack on US infrastructure has dealt a severe blow to the integrity of critical data infrastructure in the US. Cybersecurity experts are calling for more robust legislation and cooperation in halting cryptocurrency-aided attacks.
While the Burkov case is ongoing, it has already become an important lesson for regulators worldwide in the need for efficient, well-equipped monitoring frameworks that give the industry a base of meaningful data to feed into market decision-making.
The case is a reminder that past actions and inactions are not safely behind us: they can pose a significant risk to present and future data security.
The US Department of Justice (DOJ) has indicted a Russian national for a crypto-ransomware attack on US infrastructure, unsealing two charges against the individual in question. Mikhail Pavlovich Matveev, also known by aliases such as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, stands accused of conducting a wide-scale attack against several victims across the US. The affected sectors spanned law enforcement agencies in Washington, D.C. and New Jersey, along with other victims in the healthcare sector and other industries nationwide.
Matveev’s attacks date back to 2020 and deployed the LockBit, Babuk, and Hive ransomware variants. Reports indicate that Matveev demanded as much as $400 million in ransom payments, successfully making off with $200 million.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division, in a statement regarding Matveev, said, “From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.”
Matveev, a notorious figure in the cybercrime landscape, reportedly went rogue in 2022, posting exploit code and taunting researchers and journalists. His carefree attitude in the face of increased scrutiny from ransomware groups seems to have finally caught up with him, as demonstrated by recent law enforcement action.
He frequently shared information about his attacks, contradicting the caution exercised by other ransomware groups. Soon, publishers started sharing selfies and videos associated with Matveev, further exposing his activities.
Russian hackers have consistently been implicated in cryptocurrency-related attacks. In 2022, a Russian national pleaded not guilty to charges of laundering ransom payments from attacks on US infrastructure. Russian entities have also targeted a Ukrainian gas company.
However, not all activities have been overtly malevolent. An anonymous “Robin Hood” attacker has made headlines for stealing funds from Russian law enforcement and donating them to Ukraine.
The use of cryptocurrency in ransomware attacks has emerged as a significant global issue. Crypto-ransomware attacks use malware to encrypt a victim’s files so that they become inaccessible; to regain access to the encrypted files, the victim has to pay a ransom, often in a cryptocurrency such as Bitcoin or Ethereum.
Authorities worldwide have been increasingly cracking down on cryptocurrency-related crimes, with U.S. authorities and their international partners in Europe arresting several individuals involved in such crimes. The DOJ said it has formed a specialized ransomware task force to investigate and prosecute those involved in such attacks.
In conclusion, the recent indictment of Matveev by the DOJ serves as a warning to those who engage in cybercrime and highlights the continued activity by Russian hackers in the crypto sphere. The use of cryptocurrencies in ransomware attacks has become a significant global issue, and authorities worldwide are increasingly cracking down on cryptocurrency-related crimes. As cybercriminals continue to evolve, it is critical that governments and organizations continue to invest in robust cybersecurity measures to protect against these threats.