US Offering a $10M Bounty For Info On Russian Ransomware Hacker
Read also: A former Ubiquiti dev sentenced to 6 years in prison, the PharMerica breach affects millions of patients, and more.
US authorities charged a ransomware affiliate involved in police department hacks
The US government unsealed charges against Mikhail Pavlovich Matveev, a Russian national and resident, accused of using the Hive, LockBit and Babuk ransomware to attack critical infrastructure and state agencies in the US, as well as hospitals, schools, nonprofits, and police departments.
Matveev, also known in the cybercriminal community as Wazawaka, m1x, Boriselcin, or Uhodiransomwar, and other members of the Hive, LockBit and Babuk ransomware gangs are said to have attacked over 2,000 victims worldwide, raking in roughly $200 million in ransom payments.
Additionally, the US State Department offered a $10 million reward for information leading to Matveev's arrest and conviction.
A former Ubiquiti dev sentenced to 6 years in prison for data theft, extortion
An ex-employee of networking device maker Ubiquiti was given a 6-year prison sentence after he pleaded guilty to stealing corporate data and attempting to extort nearly $2 million from his now-former employer while pretending to be an anonymous hacker.
In December 2020, Nicholas Sharp, who worked as a senior developer at Ubiquiti and had access to the company’s Amazon Web Services (AWS) and GitHub servers, used his access to steal gigabytes of data from the company. Posing as an anonymous hacker, he demanded that Ubiquiti pay him 50 bitcoins (worth $1.9 million at the time) in exchange for information on the exploited weakness and deletion of the stolen data. However, the company refused to pay and contacted law enforcement instead.
Police eventually identified Sharp as the culprit behind the hack after tracing him to a Surfshark VPN account, which he purchased using his personal PayPal account.
Sharp was arrested in March 2021 and pled guilty in February 2023. In addition to the prison sentence, he was ordered to pay almost $1.6 million in restitution.
Spanish police hit two criminal gangs engaged in cyber fraud
The National Police of Spain dismantled two criminal gangs involved in online fraud.
One of the operations conducted by the Spanish police resulted in the arrest of 40 people allegedly part of Trinitarios, a cybercriminal group specializing in phishing and bank fraud. The group is said to have gained access to more than 300,000 bank accounts and stolen more than €700,000.
In a separate operation, the police disrupted a cybercriminal gang that used automated software to book immigration appointments in Spain’s migration management system. The scammers then resold the reservations, which are normally free, for between €30 and €200 to foreigners seeking asylum or wanting to relocate.
The authorities detained 69 suspects, including the four alleged leaders of the group.
Founder of dark web credit card market Skynet Market pleads guilty
Michael Mihalo, an Illinois man accused of operating the dark web carding platform Skynet Market, has pleaded guilty in a US court.
Besides running Skynet, Mihalo (aka “ggmccloud1”) and his accomplices also sold stolen credit and debit card numbers and other financial data on various underground marketplaces, including the now-defunct AlphaBay, Hansa, and Wall Street Market.
Between February 2016 and October 2019, ggmccloud1 and his co-conspirators conducted tens of thousands of transactions totaling more than $1 million.
Mihalo has pleaded guilty to access device fraud and money laundering. A sentencing date has not yet been set.
Data of millions of patients allegedly stolen in PharMerica breach
PharMerica, one of the largest pharmacy services providers in the United States, confirmed a security breach after the Money Message ransomware group listed the health giant and its parent company, BrightSpring Health Services, on its data leak website.
The threat actor claimed to have stolen databases containing 4.7TB of information, including the records of more than 2 million individuals. The gang later published some of the data allegedly stolen from PharMerica.
In a data breach notification, PharMerica said it discovered the intrusion on March 14, 2023. An investigation found that the attackers accessed the company’s computer systems between March 12 and March 13 and may have stolen personal data and limited medical information, including names, dates of birth, Social Security numbers, medication lists and health insurance information.
PharMerica said it has no evidence that the compromised data was misused by malicious actors.