US Offered $10M for Hacker Recently Arrested by Russia – Krebs on Security

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a hacker who was deeply involved in the creation and operation of many ransomware groups. The US government indicted Matveev as a leading ransomware dealer the following year, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to defraud companies.

The FBI’s wanted poster for Matveev.

Matveev, aka “Wazawaka” and “Boriselcin,” worked with at least three ransomware groups that took hundreds of millions of dollars from companies, schools, hospitals and government agencies, US prosecutors said.

The Ministry of Internal Affairs of Russia last week issued a statement saying that a 32-year-old hacker was charged with violating domestic laws against the creation and use of malicious software. The announcement did not name the suspect, but the Russian state news agency RIA Novosti quoted anonymous sources as saying that the arrested man is Matveev.

Matveev did not respond to requests for comment. Daryna Antoniuk of The Record reports that a security researcher said on Sunday they contacted Wazawaka, who confirmed he had been charged and said he had paid two fines, had his cryptocurrency confiscated, and is currently out on bail pending trial.

Matveev’s hacker identities were remarkably open and talkative on many cybercrime forums. Shortly after being identified as Wazawaka by KrebsOnSecurity in 2022, Matveev published several selfie videos on Twitter/X where he admitted to using the Wazawaka moniker and mentioned several security researchers by name (including this author). More recently, Matveev’s X profile (@ransomboris) posted a picture of a t-shirt bearing the US government’s “Wanted” poster for him.

A photo posted on Twitter by Matveev showing the Department of Justice’s wanted poster for him on a t-shirt. Image: x.com/vxunderground

The golden rule of cybercrime in Russia has always been that as long as you never hack, defraud or steal from Russian citizens or companies, you need not fear arrest. Wazawaka said he passionately adheres to this rule as a personal and professional mantra.

“Don’t panic where you live, visit your neighborhood, and don’t go abroad,” Wazawaka wrote in January 2021 on the Russian-language cybercrime forum Exploit. “Mother Russia will help you. Love your country, and you will always do nothing.”

However, Wazawaka may not have always adhered to that rule. At several points throughout his career, Wazawaka said he made good money by stealing accounts from drug dealers on darknet drug markets.

Cyber intelligence firm Intel 471 said Matveev’s arrest raises more questions than answers, and that Russia’s motivations here may go beyond the surface.

“It is possible that this is the interference of the Kaliningrad authorities of a local hacker with tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published on December 2. t paid, trouble will come knocking. But money is often a problem that cannot be fixed.

Intel 471 says that while the Russian court system is opaque, Matveev will likely be open about the proceedings, especially if he pays taxes and is given permission to continue his destructive activities.

“Unfortunately, none of this would mark significant progress against ransomware,” they concluded.

While Russia has traditionally not put much effort into going after cybercriminals within its borders, it has brought a series of indictments against suspected ransomware players this year. In January, four men arrested in connection with the REvil ransomware group were sentenced to long prison terms. The men were among 14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.

Earlier this year, Russian authorities arrested at least two men for allegedly using the short-lived Sugarlocker ransomware program in 2021. Aleksandr Ermakov and Mikhail Shefel (now legally Mikhail Lenin) had a security consulting business called Shtazi-IT. Shortly before his arrest, Ermakov became the first cybercriminal ever sanctioned by Australia, which accused him of stealing and leaking information on nearly 10 million customers of Australian health giant Medibank.

In December 2023, KrebsOnSecurity identified Lenin as “Rescator,” the nickname used by the hacker responsible for selling more than 100 million payment cards stolen from Target and Home Depot customers in 2013 and 2014. Last month, Shefel admitted in an interview with KrebsOnSecurity that he was Rescator, and said that his arrest in the Sugarlocker case was payback for reporting the son of his former boss to the police.

Ermakov was sentenced to two years in prison. But on the day my interview with Lenin was published here, a Moscow court declared him insane and ordered him to undergo compulsory medical treatment, noted The Record’s Antoniuk.

