A Russian cybercriminal wanted in the US in connection with the LockBit and Hive ransomware operations has been arrested by the country’s law enforcement agencies.
According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev was accused of developing malware designed to encrypt files and demand a ransom in exchange for a decryption key.
“Currently, the investigators have collected enough evidence, the criminal case with the indictment signed by the prosecutor has been sent to the court of the Central District of the city of Kaliningrad for review on the merits,” the Ministry of Internal Affairs of Russia said in a statement.
Matveev was charged under Part 1 of Article 273 of the Criminal Code of the Russian Federation, which relates to the creation, use and distribution of computer programs capable of causing “destruction, blocking, alteration or copying of computer information”.
He was indicted by the US government in May 2023 for launching ransomware attacks against “thousands of victims” in the country and around the world. He is also known by the internet aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar and Orange.
Matveev also spoke publicly about his criminal activities, saying that “his illegal activities will be tolerated by the local authorities, provided that he remains loyal to Russia.” He was sanctioned by the US Treasury Department, and a reward of up to $10 million was offered for any information leading to his arrest or conviction.
A subsequent report by Swiss cybersecurity firm PRODAFT revealed that Matveev led a team of six penetration testers to carry out ransomware attacks.
In addition to working as an affiliate for the Conti, LockBit, Hive, Trigona, and NoEscape ransomware groups, he is said to have held a leadership role in the Babuk ransomware group until early 2022. He is also believed to have deeper ties to the Russian cybercriminal group known as Evil Corp.
The development comes just over a month after four members of the now-defunct REvil ransomware operation were sentenced to several years in prison in Russia after being found guilty of hacking and money laundering.