Russian authorities have arrested Mikhail Pavlovich Matveev, a notorious ransomware affiliate better known by his aliases “Wazawaka,” “m1x,” “Boriselcin,” and “Uhodiransomwar.” The FBI had placed Matveev on its radar for his involvement in high-profile ransomware operations, offering a $10 million reward for information leading to his arrest, but the threat actor is now in the hands of Russian police.
Matveev is a 32-year-old Russian national who gained notoriety not just for his cybercrimes but for his brash online presence. Operating under the Twitter handle “RansomBoris,” Matveev openly mocked U.S. law enforcement, even wearing a t-shirt featuring his FBI wanted poster after being sanctioned. His outspoken nature contrasted sharply with the covert operations of his affiliated ransomware gangs.
Wazawaka's arrest
According to a statement from the Ministry of Internal Affairs, the Kaliningrad Prosecutor’s Office has gathered sufficient evidence to proceed with a trial. An anonymous source identified the defendant, described in court documents only as a “programmer,” as Matveev. He faces charges of developing and deploying ransomware designed to encrypt data on commercial organizations' systems and extort ransom payments for decryption.
Matveev, currently indicted in the Central District Court of Kaliningrad, is charged under Russia's Article 273 of the Criminal Code for creating malicious software intended to destroy or block computer data without authorization. Authorities accuse him of direct ties to several ransomware syndicates, including LockBit, Babuk, and Hive, known for targeting U.S. and European organizations.
Matveev’s ransomware activity
Mikhail Matveev’s cybercrime record includes his involvement in significant ransomware attacks:
- LockBit: Deployed against a law enforcement agency in New Jersey in June 2020.
- Babuk: Used in April 2021 to encrypt systems of Washington D.C.'s Metropolitan Police Department.
- Hive: Utilized in May 2022 against a New Jersey-based nonprofit healthcare organization.
The U.S. Department of Justice (DoJ) linked Matveev to these attacks in indictments unsealed in 2022 and 2023. Additionally, the Department of the Treasury sanctioned him for his involvement in cyberattacks against U.S. critical infrastructure and law enforcement entities.
The FBI considers Matveev a central figure in the development and operation of the Babuk ransomware variant. Babuk’s infamous attack on Washington D.C.’s police department in 2021 led to the theft and attempted publication of sensitive police files, sparking internal conflict within the gang.
While the arrest of Matveev marks a significant victory in the fight against ransomware, given the current geopolitical situation, it’s unlikely that the Russian authorities will engage in international cooperation to uncover the threat actor’s collaborators.