Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Cyber Security Threat Summary:
“Mikhail Matveev, 31, the Russian national whom prosecutors accused of wielding not one but three strains of ransomware. Two federal indictments unsealed this month accuse Matveev - aka Wazawaka, m1x, Boriselcin, Uhodiransomwar - of operating as an affiliate for the LockBit, Babuk and Hive ransomware groups. Security experts say the indictments are notable because they don't target ransomware-as-a-service group chiefs but rather a foot soldier who was directly responsible for hacking into victims' networks and using the ransomware to extort them. "Matveev is alleged to have used these ransomware strains to encrypt and hold hostage for ransom the data of numerous victims, including hospitals, schools, nonprofits and law enforcement agencies, like the Metropolitan Police Department in Washington, D.C.," said New Jersey U.S. Attorney Philip R. Sellinger earlier this month, when the indictments were unsealed. Matveev was also a key member behind Groove, which tested a more affiliate-focused approach to ransomware attacks, as well as an access broker who sold remote access to hacked networks to other criminals, security experts say.

In the Netherlands, Matveev is no doubt better remembered for - allegedly - causing a Dutch cheese shortage in April 2021. That's when Babuk struck Bakker Logistiek, one of the country's biggest logistics providers, which supplies hundreds of supermarkets, wholesalers and retailers via refrigerated and air-conditioned warehouses and trucks. The company said key IT systems were crypto-locked, possibly after attackers had gained access via Microsoft Exchange ProxyLogon vulnerabilities, causing a disastrous disruption of Dutch supply chains and leaving cheese counters bare across the nation” (BankInfoSec, 2023).

Security Officer Comments:
Despite the unmasking of Matveev and his alleged offenses, will the accused ransomware affiliate ever appear in a U.S. courtroom to answer these charges? That depends on whether he ever leaves Russia, which does not extradite its citizens. Regardless, the indictments against Matveev are notable because they show Western law enforcement is not focusing solely on the operators of major ransomware groups, many of whom lease their crypto-locking malware to business partners, known in the trade as affiliates, in return for a share of every ransom paid, Fokker said. "For far too long, everyone was focused on the head of the snake or the ransomware family, leaving the affiliates in a safe environment where they could thrive and expand their knowledge," he said. The indictments against Matveev now stand as "a clear warning that participating in ransomware isn't without consequences: There is a real chance you will be identified, indicted and arrested."

Suggested Correction(s):
Back up your data, system images, and configurations, test the backups regularly, and keep them offline: ensure that backups are restored and verified on a schedule and that they are not reachable from the business network, because many ransomware variants search for accessible backups and encrypt or delete them before deploying the payload.

Link(s):
https://www.bankinfosecurity.com/bl...tie-to-ransomware-hit-affecting-cheese-p-3449