US offers $10m bounty for Russian ransomware suspect outed in indictment (Security News, May 2023)
Babuk therefore serves as a sort of instruction manual that teaches would-be cybercriminals how to handle the "We can decrypt this but you can't, so pay us the blackmail money or you'll never see your data again" part of a ransomware attack.
The US indictment explicitly accuses Matveev of two ransomware attacks in the State of New Jersey, and one in the District of Columbia.
Interestingly, Matveev has also been declared a "Designated" individual, meaning that he's subject to US sanctions, and therefore presumably also that US businesses aren't allowed to send him money, which we're guessing prohibits Americans from paying any ransomware blackmail demands that he might make.
Of course, with the ransomware crime ecosystem largely operating under a service-based or franchise-style model these days, it seems unlikely that Matveev himself would directly ask for or receive any extortion money that was paid out, so it's not clear what effect this sanction will have on ransomware payments, if any.
Do bear in mind the findings of the Sophos State of Ransomware Report 2023, where ransomware victims revealed that the median cost of recovering by using backups was $375,000, while the median cost of paying the crooks and relying on their decryption tools instead was $750,000.
Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom.
Related news
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion
- US Government, Microsoft Aim to Disrupt Russian threat actor 'Star Blizzard'
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers
- Uncle Sam puts $10M bounty on Russian troll farm Rybar
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks
- Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions
- US warns of last-minute Iranian and Russian election influence ops
- Ransomware fiends boast they've stolen 1.4TB from US pharmacy network
- US charges Phobos ransomware admin after South Korea extradition
- Phobos ransomware administrator faces US cybercrime charges