Mikhail Matveev, a Russian hacker known by various aliases including Wazawaka, has been arrested and indicted by Russian law enforcement for his alleged involvement in developing malware and ties to several ransomware gangs. According to court documents, Matveev is identified as a “programmer” and is accused of creating specialized malicious software designed to encrypt files and data of commercial organizations, with the intent to extort ransom payments for decryption. Matveev has a notorious history and was wanted by the FBI.
In May 2023, the U.S. Justice Department implicated him in ransomware operations targeting victims across the United States. He is also believed to be the original creator and admin of the Ramp hacking forum, where he was known as “Orange.”
Unsealed indictments provide a timeline of Matveev’s activities with various ransomware gangs.
Matveev’s Ransomware Operations Detailed
In June 2020, Matveev and his LockBit co-conspirators allegedly deployed LockBit ransomware on the network of a law enforcement agency in Passaic County, New Jersey. In April 2021, the defendant and Babuk ransomware co-conspirators allegedly targeted a law enforcement agency in Washington, D.C. In May 2022, Matveev and Hive ransomware gang members allegedly encrypted the systems of a nonprofit behavioral healthcare organization in Mercer County, New Jersey. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Matveev for launching cyberattacks against U.S. entities, including law enforcement and critical infrastructure organizations.
The U.S. Department of State is offering a reward for information leading to his arrest or conviction for transnational organized crime. Matveev maintained a vocal online presence, engaging with cybersecurity researchers and professionals using his active Twitter account, RansomBoris. He openly discussed his cybercrime activities and taunted law enforcement by sharing a picture of his wanted poster on a t-shirt after being sanctioned by the U.S.
The Russian Ministry of Internal Affairs stated that sufficient evidence has been collected, and the criminal case with the signed indictment has been sent to the Central District Court of Kaliningrad for consideration on the merits.