Ransomware suspect Wazawaka reportedly arrested by Russia

Russian authorities have charged a high-profile hacker for creating malware used to blackmail commercial organizations, the Russian interior ministry said in a statement late last week.

The local state news agency RIA Novosti, citing anonymous sources, reported that the hacker is Mikhail Matveev, also known as Wazawaka, an affiliate of ransomware groups such as Babuk, Conti, DarkSide, Hive and LockBit.

A security researcher using the alias “club1337” reported on Sunday that they had contacted Wazawaka, who confirmed he had been charged in Russia. Matveev reportedly stated that he had paid two fines and had a substantial amount of cryptocurrency confiscated. “He is currently out on bail, unharmed, and awaiting the next steps in the legal process,” club1337 said.

Recorded Future News was unable to independently verify this report.

Russia’s prosecutor general said in a statement last week — likely referring to Wazawaka — that a 32-year-old hacker had been charged under Article 273 of the country’s Criminal Code, which criminalizes the creation or use of software designed to damage, disrupt, or manipulate information systems or data. If found guilty, Matveev could face up to four years in prison or a fine.

According to the investigation, he developed malware in January of this year to obtain illegal profits. The accused intended to use it to encrypt commercial organizations' data and demand a ransom for decryption, Russian prosecutors said.

Matveev was indicted and sanctioned by the U.S. government last May. The State Department posted an award of up to $10 million for information that leads to his capture or conviction, the standard amount for major cybercrime suspects. He was also added to America’s cyber Most Wanted list by the FBI.

Among Matveev's alleged crimes is the April 2021 attack on the Washington, D.C., Metropolitan Police Department, which the U.S. says he carried out as part of the Babuk ransomware gang. The group claimed to have stolen over 250 GB of data from police servers and threatened to expose the information if the department didn’t pay a ransom.

In a 2023 interview with Recorded Future News’ Click Here podcast, Wazawaka said that the designation would not affect his work. He even planned to launch new projects, including potentially training young Russians in cybersecurity to, among other things, “prevent the FBI from recruiting them.”

Despite Matveev’s crimes, he claimed to live an “ordinary life” in Russia and said he had never been approached by law enforcement. “Unlike the Americans, the FSB doesn’t put up portraits on their website to say, ‘Look, I’m watching Most Wanted Cyber,’” he told Recorded Future News in an interview in 2022.

It is indeed uncommon for Russia to prosecute its own hackers, especially those involved in cyber activities that align with state interests or target the country’s “enemies.” However, there have been some recent exceptions.

Earlier in October, four members of the ransomware gang REvil were sentenced to multiple years in prison in Russia for charges related to hacking and money laundering. A Russian state news outlet reported that the arrests took place after U.S. President Joe Biden personally spoke to Russian President Vladimir Putin about cyberattacks launched by the group.

In February, Russian authorities identified and arrested three alleged members of a local ransomware gang called SugarLocker. The trials for two suspected hackers involved in the SugarLocker gang ended earlier in November. Russian citizen Alexander Ermakov was reportedly sentenced to two years of probation, while another suspect, Mikhail Lenin, was deemed insane, and the court ruled to apply compulsory medical measures to him.