Security News > 2023 > May > US offers $10m bounty for Russian ransomware suspect outed in indictment
Babuk therefore serves as a sort-of instruction manual that teaches would-be cybercrimals how to handle the "We can decrypt this but you can't, so pay us the blackmail money or you'll never see your data again" part of a ransomware attack.
The US indictment explicitly accuses Matveev of two ransomware attacks in the State of New Jersey, and one in the District of Columbia.
Interestingly, Matveev has also been declared a "Designated" individual, meaning that he's subject to US sanctions, and therefore presumably also that US businesess aren't allowed to send him money, which we're guessing prohibits Americans from paying any ransomware blackmail demands that he might make.
Of course, with the ransomware crime ecosystem largely operating under a service-based or franchise-style model these days, it seems unlikely that Matveev himself would directly ask for or receive any extortion money that was paid out, so it's not clear what effect this sanction will have on ransomware payments, if any.
Do bear in mind the findings of the Sophos State of Ransomware Report 2023, where ransomware victims revealed that the median average cost of recovering by using backups was $375,000, while the median cost of paying the crooks and relying on their decryption tools instead was $750,000.
Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom.
News URL
Related news
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)
- US charges Russian-Israeli as suspected LockBit ransomware coder (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- Ransomware fiends boast they've stolen 1.4TB from US pharmacy network (source)
- US charges Phobos ransomware admin after South Korea extradition (source)
- Phobos ransomware administrator faces US cybercrime charges (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- US government, energy sector contractor hit by ransomware (source)