Article Details
Scrape Timestamp (UTC): 2024-11-29 17:52:59.302
Original Article Text
Russia arrests cybercriminal Wazawaka for ties with ransomware gangs

Russian citizen and notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) has been reportedly indicted in Russia for his involvement in several hacking groups.

While the prosecutor's office has yet to release any details on the individual's identity (described as a "programmer" in court documents), the individual is Matveev, according to an anonymous source of the Russian state-owned news agency RIA Novosti.

"At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," the Russian Ministry of Internal Affairs said in a statement.

As first spotted by cyber policy expert Oleg Shakirov, Matveev is accused of developing ransomware (described by the prosecutor's office notes as "specialized malicious software" that can encrypt files and data) that he planned to use for encrypting the data "of commercial organizations with subsequent ransom for decryption."

Last year, in May 2023, the U.S. Justice Department also filed charges against Matveev for his involvement in the Hive and LockBit ransomware operations that targeted victims across the United States.

He is also believed to be "Orange," the original creator and admin of the Ramp hacking forum, and the original admin of the Babuk ransomware operation, which split up after members split on whether they should publish data stolen from the Washington DC Capital Police Force.

A Justice Department press release and unsealed indictments in New Jersey and the District of Columbia provide an approximate timeline of his activity while working with the three ransomware gangs:

Matveev was also sanctioned by the Department of the Treasury's Office of Foreign Assets Control (OFAC) for launching cyberattacks against U.S. entities, including U.S. law enforcement and critical infrastructure organizations.

The U.S. Department of State is also offering a reward of up to $10 million for any information that could lead to his arrest or conviction for transnational organized crime.

Matveev has had a very vocal online presence. He frequently talked with cybersecurity researchers and professionals and openly discussed his cybercrime activity using his (still active) Twitter account, RansomBoris.

After being sanctioned by the U.S., Matveev openly taunted U.S. law enforcement, tweeting a picture of his wanted poster on a t-shirt.
Daily Brief Summary
Russian national Mikhail Pavlovich Matveev, known by multiple aliases including Wazawaka and Boriselcin, has been arrested and indicted in Russia for his ties to ransomware operations and hacking groups.
Accused of developing ransomware aimed at encrypting commercial organizations’ data for ransom, his case is currently headed to the Central District Court of Kaliningrad.
The U.S. Justice Department has also charged Matveev for his involvement with prominent ransomware groups such as Hive and LockBit, targeting various victims in the U.S.
Matveev is identified as the original creator and administrator of the Ramp hacking forum and the Babuk ransomware, which was notably involved in the Washington DC Capital Police data exposure.
The U.S. Department of the Treasury has sanctioned him for attacks against U.S. entities, including law enforcement and critical infrastructure, while the State Department offers a $10 million reward for information leading to his capture or conviction.
Despite the indictments and sanctions, Matveev maintained a public online presence, engaging with cybersecurity experts and even taunting U.S. law enforcement through social media.