When the U.S. sanctions a country, a business, or a group, the intent is to A) confiscate any and all property owned by the designee within the U.S. or in the possession of a U.S. person, and B) add the designee to the Specially Designated Nationals and Blocked Persons (SDN) List.
In Matveev’s case, according to OFAC, he’s responsible for ransomware attacks against U.S. law enforcement, businesses, and critical infrastructure using a number of ransomware variants including Hive, LockBit, and Babuk. In other words, he’s bad news, so stay away from him.
The ramification for U.S. organizations is that if Matveev is responsible for a ransomware attack against your company, you cannot pay the ransom. According to the sanction:
“OFAC’s regulations generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of blocked or designated persons.”
So, if paying the ransom isn’t an option, you have two options left: have really solid backups and a great disaster recovery strategy, and/or work to keep ransomware attacks from being successful. The latter involves a layered security strategy whose solutions include security awareness training, so that users play a role in stopping the phishing-based attacks that make their way to the inbox.