Russian hacker arrested...in Russia

Assumed to be a money grab

A hacker and ransomware developer, Mikhail Pavlovich Matveev, known by his online alias "Wazawaka," has been arrested in Russia.

The 32-year-old man, who was on the FBI's Most Wanted list, is accused of being a key player in multiple ransomware operations, including LockBit, Conti, and Babuk.

These groups have been responsible for numerous high-profile attacks targeting critical infrastructure, healthcare facilities and government agencies worldwide.

According to local media, Matveev's arrest comes not at the request of the US, but rather as the result of an investigation by Russia's Kaliningrad Interior Ministry.

The prosecutor's office claims Matveev developed ransomware programmes used against commercial organisations, leading to charges being filed in January 2024.

"At present, the investigator has collected sufficient evidence, [and] the criminal case with the indictment signed by the prosecutor has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits," said Russia's Ministry of Internal Affairs.

Last year, the US Department of Justice indicted Matveev on charges of conspiracy to transmit ransomware demands and intentional damage to protected computers.

The charges stem from attacks on law enforcement agencies in New Jersey and Washington, D.C., as well as healthcare organisations and other critical infrastructure.

Collectively, these attacks allegedly caused financial damages exceeding $200 million across 2,800 incidents. The government offered a $10 million reward for information leading to his arrest.

"From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors," said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department's Criminal Division, in May last year.

"These international crimes demand a coordinated response. We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem."

At present, the motives behind Russia's decision to prosecute Matveev remain murky. The country has historically turned a blind eye to cybercriminals operating within its borders, provided their activities target foreign entities and align with Kremlin interests.

Some experts believe Russian authorities may have targeted Matveev because of his increasingly erratic behaviour, a possible dispute with those same authorities, or his involvement in ransomware activities that had the potential to harm Russian interests.

Stephen Robinson, senior threat intelligence analyst at WithSecure, told The Register that Russia's strained economy, exacerbated by the ongoing war in Ukraine, may have forced the government to crack down on cybercriminals who are not contributing to the state.

"Russian individuals, organisations and even the state itself are all feeling the cost of the invasion of Ukraine and of international sanctions, so the simplest possible explanation is that this is some kind of money grab," Robinson said.

"Ransomware groups have demanded billions of dollars in ransoms, not to mention all of the other frauds and scams that come out of Russia. Most of the assets of these criminals are likely to be in cryptocurrency, which means they are not only somewhat sanction-proof, but they have also nearly tripled in value in the last year."

In October, Russia sentenced four members of the REvil ransomware gang, a move some analysts attributed to international pressure, particularly a direct appeal from US President Joe Biden.

While Matveev's arrest aligns with longstanding US demands for crackdowns on ransomware groups, there is no evidence suggesting direct collaboration between Moscow and Washington on this case.

That means the fate of Matveev – who is simultaneously a wanted man in the US and a defendant in a Russian courtroom – remains uncertain.