Notorious ransomware programmer Mikhail Pavlovich Matveev arrested in Russia

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups.

Russian authorities arrested a ransomware affiliate, Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin), and charged him for developing malware and his role in several hacking groups.

The man was arrested in Kaliningrad, Russia, law enforcement investigations linked him to Lockbit, Conti, and BABUK operations.

“The Kaliningrad Interior Ministry and the prosecutor’s office reported that the case of a programmer accused of creating a malicious program has been sent to court; according to a RIA Novosti source, this is hacker Mikhail Matveyev, for whom the American FBI is offering a $10 million reward for help in capturing him.” reported RIA Novosti. 

Russian news agency RIA Novosti, citing an anonymous source, confirmed that the arrested man is the “programmer” as Mikhail Matveev, as reported in court documents.

“At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of 
Kaliningrad for consideration on the merits,” the press service of the Ministry of Internal Affairs said in a statement.

Matveyev faces charges under Russian law for creating programs designed to destroy, block, modify, or copy data, or bypass computer security measures.

In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks.

The DoJ unsealed two indictments charging the man with using three different ransomware families in attacks aimed at numerous victims throughout the United States. The attacks hit law enforcement agencies in Washington, D.C. and New Jersey, as well as organizations in the healthcare and other sectors nationwide.

On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.

The Russian citizen was charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, the man could face a sentence of over 20 years in prison.

In May 2023, Matveev was also added to the FBI’s Most Wanted list. The Treasury Department sanctioned the ransomware actor. The Department of State offered up to $10 million for information that leads to the arrest of the man.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)