In January 2022, KrebsOnSecurity identified a Russian man namedMikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.
An FBI wanted poster for Matveev.
Matveev, a.k.a. “Wazawaka” and “Boriselcin” worked with at least three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies, U.S. prosecutors allege.
Russia’s interior ministry last week issueda statement saying a 32-year-old hacker had been charged with violating domestic laws against the creation and use of malicious software. The announcement didn’t name the accused, but the Russian state news agencyRIA Novosticited anonymous sources saying the man detained is Matveev.
Matveev did not respond to requests for comment.Daryna Antoniuk atTheRecordreports that a security researcher said on Sunday they had contacted Wazawaka, who confirmed being charged and said he’d paid two fines, had his cryptocurrency confiscated, and is currently out on bail pending trial.
Matveev’s hacker identities were remarkably open and talkative on numerous cybercrime forums. Shortly afterbeing identified as Wazawaka by KrebsOnSecurity in 2022, Matveevpublished multiple selfie videos on Twitter/X where he acknowledged using the Wazawaka moniker and mentioned several security researchers by name (including this author). More recently, Matveev’s X profile (@ransomboris)posted a picture of a t-shirt that features the U.S. government’s “Wanted” poster for him.
An image tweeted by Matveev showing the Justice Department’s wanted poster for him on a t-shirt. image: x.com/vxunderground
The golden rule of cybercrime in Russia has always been that as long as you never hack, extort or steal from Russian citizens or companies, you have little to fear of arrest. Wazawaka claimed he zealously adhered to this rule as a personal and professional mantra.
“Don’t shit where you live, travel local, and don’t go abroad,” Wazawaka wrote in January 2021 on the Russian-language cybercrime forum Exploit. “Mother Russia will help you. Love your country, and you will always get away with everything.”
Still, Wazawaka may not have always stuck to that rule. At several points throughout his career, Wazawaka claimed he made good money stealing accounts from drug dealers on darknet narcotics bazaars.
Cyber intelligence firmIntel 471 said Matveev’s arrest raises more questions than answers, and that Russia’s motivation here likely goes beyond what’s happening on the surface.
“It’s possible this is a shakedown by Kaliningrad authorities of a local internet thug who has tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published Dec. 2. “The country’s ingrained, institutional corruption dictates that if dues aren’t paid, trouble will come knocking. But it’s usually a problem money can fix.
Intel 471 says while Russia’s court system is opaque, Matveev will likely be open about the proceedings, particularly if he pays a toll and is granted passage to continue his destructive actions.
“Unfortunately, none of this would mark meaningful progress against ransomware,” they concluded.
Although Russia traditionally hasn’t put a lot of effort into going after cybercriminals within its borders, it has brought a series of charges against alleged ransomware actors this year. In January, four men tied to the REvil ransomware group were sentenced to lengthy prison terms. The men were among14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.
Earlier this year, Russian authorities arrested at least two men for allegedly operating the short-livedSugarlocker ransomware program in 2021.Aleksandr Ermakov andMikhail Shefel (now legallyMikhail Lenin)ran a security consulting business calledShtazi-IT. Shortly before his arrest, Ermakov became the first ever cybercriminal sanctioned by Australia, which alleged he stole and leaked data on nearly 10 million customers of the Australian health giant Medibank.
In December 2023, KrebsOnSecurityidentified Lenin as “Rescator,” the nickname used by the cybercriminal responsible for selling more than 100 million payment cards stolen from customers of Target and Home Depot in 2013 and 2014. Last month, Shefeladmitted in an interview with KrebsOnSecurity that he was Rescator, and claimed his arrest in the Sugarlocker case was payback for reporting the son of his former boss to the police.
Ermakov was sentenced to two years probation. But on the same day my interview with Lenin was published here, a Moscow court declared him insane, and ordered him to undergo compulsory medical treatment, The Record’s Antoniuk notes.
14 thoughts on “U.S. Offered $10M for Hacker Just Arrested by Russia”
Donald If Russia turns him over to the USA do we pay them $10 mil?
Nimatashi This may be normal taxation by other means in a war economy. Crypto currencies allow the government to circumvent hard currency sanctions.
can't wait for the nukes shhhhh… here is a little secret but don’t tell anyone.. lol
capitalist – they will sell you the rope to hang your sell yourself
communist – they will force you to make the rope, then force you to hang yourselfdon’t be fooled – while everyone plays cops and robbers, cat and mouse, the people who pull the strings
laugh all the way to the bank.. just like those who sold the picks and axes made monay from the gold rush
the same can be true for sec ops and black hat business.the gov can request any and all data at any point or no ss card, no citizenship, no business, end of story – don’t matter cap or com.
P.D. Man, I really feel for anyone with your nihilistic worldview. It must be very unpleasant to be in your skin.
ohh the times are changin.. somethin shelter from the storm lol, reality doesn’t care about nihilism, rhetoric, philosophy, or comments that seem witty but in the end are nonsense.
Not accepting reality and truth is a much more unpleasant existence, but don’t worry reality just like entropy teaches everyone.
not the dramma from your momma just nobody like you was once like you: worked hard, kept my nose clean, did everything right, didn’t let people treat me as a door mat
but after a while if you read enough history in books and unwritten history..the extremely wealthy always fooks over the poor
GI JOE – knowing is half the battle
Skateboarder logic – the greatest battle lies within (daniel san)
EvilSanta lol, more criminals robbing criminals. They will keep his ill gotten gains and offer him a front row on the war front. I suspect they let him out on bail to see where and to who he goes to check his backup stash, before putting boots on him.
Tyler With the conscription for crimes it’s probably an easy way to bolster the Russian government cyber teams.
wowza But on the same day my interview with Lenin was published here, a Moscow court declared him insane
In Russia it is popular to go for “insane” label in order to avoid imprisonment in facilities with common criminals. Basically this means that tug will get some pills and be home by noon. That’s it.
mealy Anyone who thinks Russia is getting paid just lol.
Shelby 11 thoughts on “U.S. Offered $10M for Hacker Just Arrested by Russia”
Phil I just want Biden out and Trump in. No nuclear war. No money or arms to Ukraine. It’s pretty simple.We gain nothing by helping Ukraine.
Comments are closed.
