Russian authorities have arrested Mikhail Pavlovich Matveev, a notorious cybercriminal wanted by the U.S. for his involvement in ransomware operations. Matveev, known by various aliases such as Wazawaka, m1x, and Boriselcin, has been charged under the Criminal Code of the Russian Federation for creating and distributing malicious software designed to encrypt files and demand ransom payments. According to the Russian Ministry of Internal Affairs, sufficient evidence has been collected against Matveev, and the criminal case has been sent to the Central District Court of Kaliningrad for consideration.
Matveev was previously indicted by the U.S. government in May 2023 for launching ransomware attacks against thousands of victims worldwide. Matveev has openly discussed his criminal activities, stating that local authorities would tolerate his illicit activities as long as he remained loyal to Russia. The U.S. Treasury sanctioned him and offered a reward of up to $10 million for information leading to his arrest or conviction.
A report from Swiss cybersecurity firm PRODAFT revealed that Matveev led a team of six penetration testers to carry out ransomware attacks. He worked as an affiliate for various ransomware groups, including Conti, LockBit, Hive, Trigona, and NoEscape.
Matveev also held a management-level role with the Babuk ransomware group until early 2022 and is believed to have deeper ties with the Russian cybercrime group Evil Corp. This arrest follows the sentencing of four members of the now-defunct REvil ransomware operation in Russia last month. The security research community “club1337” confirmed that Matveev had been arrested, paid fines, and forfeited some cryptocurrency earned from his activities.
He is currently out on bail awaiting further legal proceedings. In a related case, Stanislav Moiseyev, the founder of a now-defunct darknet marketplace, has been fined 4 million rubles. These recent actions against Russian cybercriminals mark an unusual departure from the norm, as the Kremlin rarely prosecutes its own hackers as long as they avoid targeting companies and individuals within its borders.