Alleged Babuk Ransomware Hacker 'Wazawaka' Indicted in US

Mikhail Matveev Also Faces Sanctions and $10 Million Reward for His Arrest
Mikhail Pavlovich Matveev, aka "Wazawaka," is wanted by the FBI (Image: FBI)

A Russian man the U.S. federal government says has been a key actor in Russian ransomware hacking faces indictment in two American jurisdictions and economic sanctions. A $10 million reward exists for information leading to his arrest.

The man, Mikhail Matveev, 31, aka "Wazawaka," was a central figure in the Babuk ransomware-as-a-service gang. Babuk became inactive shortly after it hacked the Washington, D.C. Metropolitan Police Department in 2021, demanding $4 million in extortion and subsequently dumping what the group said was 250 gigabytes of law enforcement data. A Washington grand jury indicted Matveev on two felony charges connected with the incident.

Federal prosecutors in New Jersey say in a four-count indictment that Matveev also deployed LockBit and Hive ransomware. Their indictment accuses the hacker of using LockBit encryption in June 2020 against a law enforcement agency in Passaic County, and of attacking a nonprofit behavioral healthcare organization in Mercer County with Hive ransomware in May 2022.

“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said Assistant Attorney General Kenneth A. Polite Jr. of the Department of Justice's Criminal Division.

The Justice Department said ransomware demands from the three groups add up to as much as $400 million, and actual payments amount to up to $200 million. Federal agents infiltrated Hive and in January assisted in a multinational law enforcement operation to take control of its infrastructure (see: FBI Seizes Hive Ransomware Servers in Multinational Takedown).

The Department of the Treasury added Matveev to a sanctions blacklist preventing U.S. persons from transacting with him and subjecting his assets to seizure. The department said Matveev currently resides in Kaliningrad, a Russian-controlled Baltic port city exclave. The FBI said he has ties to St. Petersburg and is known to travel between the locations. The State Department announced it will pay up to $10 million for information leading to his arrest. Russia does not extradite its nationals and has long tolerated ransomware hackers operating within its borders. The federal government estimates that three-quarters of known ransomware incidents have a connection to Russia.

"Matveev has been vocal about his illegal activities. He has provided insight into his cybercrimes in media interviews, disclosed exploit code to online criminals, and stated that his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia," the Treasury Department said.

Matveev responded to today's flurry of federal activities in a comment to CNN sent over Twitter, in which he "replied with a video with a Russian man repeating the phrase, 'I don't give a f*** at all.'"

The ransomware hacker has cut a singular profile in the ransomware world. Cybersecurity reporter Brian Krebs reported in early 2022 that other Russian cybercriminals believed that Matveev had "lost his mind."

About the Author

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
