
Russian Cybercriminal Tied to Hive and LockBit Ransomware Taken Into Custody


Two days ago, the Russian cybercriminal Mikhail Pavlovich Matveev was arrested by Russian law enforcement authorities. This action appears to have been independently carried out by Russia, despite Matveev being wanted in the United States for his involvement in ransomware operations like LockBit and Hive, which targeted “thousands of victims” according to the U.S. authorities. The exact details of how authorities unmasked him remain unknown.

Matveev, also known by various aliases such as Wazawaka, m1x, Boriselcin, Uhodiransomwar, and Orange, was indicted in U.S. courts in May 2023 for his involvement in numerous ransomware attacks, including operations with Hive and LockBit, which targeted victims globally.

Matveev's arrest was confirmed by Russia's Ministry of Internal Affairs, which stated that his case had been forwarded to the Central District Court in Kaliningrad for trial. The criminal charges he faces pertain to Part 1 of Article 273 of the Russian Federation’s Criminal Code, which translates to the creation, use, and distribution of malicious software capable of causing the "destruction, blocking, modification, or copying of computer information."

Furthermore, the U.S. Treasury offered a $10 million reward for information leading to his capture, underscoring his significance in the international fight against cybercrime. No doubt U.S. authorities will want their piece of the pie once Russia decides the threat actor’s fate.

"At present, the investigator has collected sufficient evidence, the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," said the Russian Ministry of Internal Affairs in a statement.

This case is another lesson in OPSEC: hackers who boast about their exploits online and speak presumptuously about local law enforcement tolerating their criminal activities tend to attract the opposite effect. Matveev's claim that he remains loyal to Russia did not change that, since he was breaking Russian cybercrime laws.

Moreover, a report by the Swiss cybersecurity firm PRODAFT disclosed that Matveev was orchestrating a group of six penetration testers who were complicit in the ransomware operations.

Since most ransomware groups cooperate with other groups, his cybercriminal activities extended across multiple ransomware groups such as Conti, LockBit, Hive, Trigona, and NoEscape. His involvement is further linked to Evil Corp, a prominent Russian cybercrime organization, suggesting deeper connections within the criminal underworld.

Russian cybercriminal Mikhail Pavlovich Matveev, also known by aliases such as Wazawaka and Orange, was arrested by Russian authorities two days ago. Despite being wanted in the U.S. for his involvement in ransomware operations like Hive and LockBit, which targeted thousands globally, the arrest was independently carried out by Russia.

Matveev's capture was confirmed by Russia’s Ministry of Internal Affairs, which announced that his case had been forwarded to the Central District Court in Kaliningrad for trial. He faces charges under Part 1 of Article 273 of the Russian Federation’s Criminal Code for creating and distributing malicious software capable of causing destruction or manipulation of computer information. According to officials, "the investigator has collected sufficient evidence, and the criminal case, with the indictment signed by the prosecutor, has been sent to court."

In parallel, the U.S. indicted Matveev in May 2023 for numerous ransomware attacks and offered a $10 million reward for information leading to his arrest. His cybercriminal activities spanned several ransomware groups, including Conti, LockBit, Hive, Trigona, and NoEscape. A report by Swiss cybersecurity firm PRODAFT revealed that Matveev managed a team of six penetration testers who facilitated these ransomware operations. His deeper ties to Evil Corp, a notorious Russian cybercrime organization, highlight his extensive connections within the cybercrime world.

The case also underscores a broader lesson in operational security (OPSEC). Matveev’s public boasts about his exploits and dismissive attitude toward law enforcement seem to have backfired, culminating in his arrest.

This high-profile arrest emphasizes how important it is for law enforcement to knock down some of the pillars among ransomware gangs. Matveev’s complicity in LockBit operations alone links him to over 1,400 attacks, with ransom demands exceeding $100 million.

Among the notable victims of Matveev’s cybercrimes is the Washington, D.C., Metropolitan Police Department (MPD), targeted in April 2021. Matveev, working with the Babuk ransomware group, hijacked sensitive data and threatened to release it unless a ransom was paid, which consequently disrupted police operations.

These attacks also extended to the Prospect Park Police Department in Passaic County, New Jersey, impacting its operational capabilities. Furthermore, the group's operations disrupted the critical infrastructure sector in their high-tech heist to get rich fast.

In May 2022, his group attacked multiple healthcare organizations, including a nonprofit behavioral healthcare organization in Mercer County, New Jersey. They encrypted the organization's systems, essentially holding it hostage, which likewise disrupted critical operations and exposed sensitive data.

Matveev’s attacks showed no discrimination, as clearly nothing was considered off-limits. Together with the LockBit and Hive ransomware gangs he was affiliated with, he attacked schools across the U.S., Asia, Europe, and even Africa.

In the United States, the longest prison sentence handed down in a ransomware case is 13 years and 7 months. This was given to Yaroslav Vasinskyi, a Ukrainian national involved in over 2,500 ransomware attacks using the REvil ransomware, which demanded a whopping $700 million in payouts.

Given the sheer volume of attacks Vasinskyi was responsible for, it is important to note that the USA and Russia do not share an extradition treaty. Whether Russia will seek to promote respect for the law by extraditing Matveev to the U.S. has yet to be determined.
