Notorious Russian Hacker Connected to Conti and LockBit Ransomware Was Apprehended

Published on December 2, 2024
Written by: Lore Apostol
Cybersecurity & Streaming Writer
Source: FBI

Prominent Russian cybercriminal Mikhail Pavlovich Matveev, connected to multiple ransomware operations, including LockBit and Hive, has been apprehended by Russian authorities and is facing charges in Russia.

Law enforcement, in a statement released by the Russian Ministry of Internal Affairs, confirmed that Matveev is accused of developing and deploying malicious programs to encrypt files and demand ransoms in exchange for decryption keys.  

"The investigator has collected sufficient evidence," the Ministry stated. "The criminal case, with the indictment signed by the prosecutor, has been sent to the Central District Court of the city of Kaliningrad for consideration on the merits."  

Matveev has been charged under Part 1 of Article 273 of the Russian Federation's Criminal Code, which punishes the creation, use, and distribution of software capable of destroying, blocking, or modifying sensitive digital information.

This development follows Matveev’s indictment by the U.S. government in May 2023, in which he was accused of launching ransomware attacks against thousands of targets, including businesses, hospitals, and public organizations.

Operating under aliases such as Wazawaka, m1x, Boriselcin, Uhodiransomwar, and Orange, Matveev has allegedly played significant roles as an affiliate in some of the most prolific ransomware groups, including Conti, LockBit, Hive, Babuk, Trigona, and NoEscape.

Matveev also held a managerial position with the now-defunct Babuk ransomware group until early 2022. Beyond leading ransomware operations, Matveev reportedly collaborated closely with the infamous Russian cybercrime syndicate Evil Corp.  

According to the U.S. Department of Justice, Matveev openly boasted about his criminal endeavors, suggesting compliance with Russian authorities in exchange for his loyalty to the country. 

He is subject to sanctions imposed by the U.S. Treasury, with a $10 million reward offered for information leading to his capture or conviction under the Department of State’s "Rewards for Justice" program.  

A report by Swiss cybersecurity firm PRODAFT further detailed Matveev’s leadership of a team of six penetration testers responsible for assisting his ransomware attacks. The arrest of Matveev raises questions about the level of cooperation—or lack thereof—between Russian authorities and international law enforcement in addressing cybercrime.   

Four men were arrested concerning REvil ransomware attacks, and $6.1 million was seized.

One of them is a Ukrainian national allegedly involved in the attack against the US company Kaseya, and another is a Russian national who reportedly participated in Sodinokibi/REvil attacks targeting Texas companies in 2019.

In October, a high-ranking affiliate of the LockBit ransomware gang was revealed to be an alleged leader of Evil Corp.


