
US Offering a $10M Bounty For Info On Russian Ransomware Hacker

Read also: A former Ubiquiti dev sentenced to 6 years in prison, the PharMerica breach affects millions of patients, and more.

Thursday, May 18, 2023

The US authorities charged a ransomware affiliate involved in police department hacks

The US government unsealed charges against Mikhail Pavlovich Matveev, a Russian national and resident, accused of using the Hive, LockBit and Babuk ransomware to attack critical infrastructure and state agencies in the US, as well as hospitals, schools, nonprofits, and police departments.

Matveev, also known in the cybercriminal community as Wazawaka, m1x, Boriselcin, or Uhodiransomwar, and other members of the Hive, LockBit and Babuk ransomware gangs are said to have attacked over 2,000 victims worldwide, raking in roughly $200 million in ransom payments.

Additionally, the US State Department offered a $10 million reward for information leading to Matveev's arrest and conviction.


A former Ubiquiti dev sentenced to 6 years in prison for data theft, extortion

An ex-employee of networking device maker Ubiquiti was given a 6-year prison sentence after he pleaded guilty to stealing corporate data and attempting to extort nearly $2 million from his now-former employer while pretending to be an anonymous hacker.

In December 2020, Nicholas Sharp, who worked as a senior developer at Ubiquiti and had access to the company’s Amazon Web Services (AWS) and GitHub servers, used his access to steal gigabytes of data from the company. Posing as an anonymous hacker, he demanded that Ubiquiti pay him 50 bitcoins (worth $1.9 million at the time) in exchange for information on the exploited weakness and deletion of the stolen data. However, the company refused to pay and contacted law enforcement instead.

Police eventually identified Sharp as the culprit behind the hack after tracing him to a Surfshark VPN account, which he purchased using his personal PayPal account.

Sharp was arrested in March 2021 and pled guilty in February 2023. In addition to the prison sentence, he was ordered to pay almost $1.6 million in restitution.

Spanish police hit two criminal gangs engaged in cyber fraud

The National Police of Spain dismantled two criminal gangs involved in online fraud.

One of the operations conducted by the Spanish police resulted in the arrest of 40 people allegedly part of Trinitarios, a cybercriminal group specializing in phishing and bank fraud. The group is said to have gained access to more than 300,000 bank accounts and to have stolen more than €700,000.

In a separate operation, the police disrupted a cybercriminal gang that used automated software to book immigration appointments in Spain’s migration management system. The scammers then resold the reservations (which are normally free) for between €30 and €200 to foreigners seeking asylum or wanting to relocate.

The authorities detained 69 suspects, including the four alleged leaders of the group.

Founder of dark web credit card market Skynet Market pleads guilty

Michael Mihalo, an Illinois man accused of operating the dark web carding platform Skynet Market, has pleaded guilty in a US court.

Besides running Skynet, Mihalo (aka “ggmccloud1”) and his accomplices also sold stolen credit and debit card numbers and other financial data on various underground marketplaces, including the now-defunct AlphaBay, Hansa, and Wall Street Market.

Between February 2016 and October 2019, ggmccloud1 and his co-conspirators conducted tens of thousands of transactions totaling more than $1 million.

Mihalo has pleaded guilty to access device fraud and money laundering. A sentencing date has not yet been set.


Data of millions of patients allegedly stolen in PharMerica breach

PharMerica, one of the largest pharmacy services providers in the United States, confirmed a security breach after the Money Message ransomware group listed the health giant and its parent company, BrightSpring Health Services, on their data leak website.

The threat actor claimed to have stolen databases containing 4.7TB of information, including the records of more than 2 million individuals. The gang later published some of the data allegedly stolen from PharMerica.

In a data breach notification, PharMerica said it discovered the intrusion on March 14, 2023. An investigation found that the attackers accessed the company’s computer systems between March 12 and March 13 and may have stolen personal data and limited medical information, including names, dates of birth, Social Security numbers, medication lists and health insurance information.

PharMerica said it has no evidence that the compromised data was misused by malicious actors.


Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.