Russia arrests ransomware attacker Wazawaka

An anonymous Russian news source says Mikhail Pavlovich Matveev is in custody.

One of the world’s most notorious hackers could finally be in custody. Bleeping Computer reports that ransomware affiliate Mikhail Pavlovich Matveev, also known as Wazawaka, Uhodiransomwar, m1x and Boriselcin, has been arrested.

Prosecutors have not confirmed if Matveev is under arrest, but reports indicate that Matveev may be the hacker in Russian custody. The Russian state news agency РИА Новости (translated on BlueSky by the Center for Strategic Research’s Oleg Shakirov) reported that the Kaliningrad Interior Ministry and Russian prosecutors sent a case of “a programmer accused of creating a malicious program” to court. An anonymous source with knowledge of the matter confirms that Matveev is the programmer.

Matveev is also wanted on charges in the US for launching attacks on US law enforcement agencies and healthcare organizations as far back as 2020. The US State Department offered a $10 million reward for information leading to his capture in May of last year, when the Department of Justice filed criminal charges against him. If he’s in Russian custody, the US may not get a chance to prosecute him.

Matveev, a Russian national, has links to ransomware hacking groups such as Hive, LockBit and Babuk. He’s linked to a number of attacks including an April 2021 lockout attack on the systems of the Washington D.C. Metropolitan Police Department. More than a year later, he allegedly helped launch a Hive ransomware attack on a healthcare NGO in New Jersey.

Attacks from LockBit are particularly destructive and egregious. In late 2022, the group infected the computer systems of 1,400 victims including a Holiday Inn hotel in Turkey. The Treasury Department’s Office of Foreign Assets Control also placed sanctions against Matveev for his role in several ransomware attacks on US services and critical infrastructure targets. The Justice Department believes Matveev has extracted more than $75 million from his victims in ransom payments.