Mikhail Pavlovich Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is a 30-year-old Russian native. The United States Justice Department has charged Matveev over his alleged participation in various ransomware operations. Indictments returned in New Jersey and the District of Columbia say that Matveev was engaged in a conspiracy to disseminate ransomware from three separate strains or affiliate organizations, including Babuk, Hive, and LockBit.
According to the allegations in the indictments, on June 25, 2020, Matveev and his LockBit accomplices used the LockBit ransomware to attack a law enforcement agency in Passaic County, New Jersey. Matveev is accused of conspiring with Hive on May 27, 2022, to hold a non-profit mental health care organization in Mercer County, New Jersey, to ransom. Matveev and his Babuk gang are suspected of launching a ransomware attack on the Metropolitan Police Department in Washington, District of Columbia, on April 26, 2021.
Meanwhile, the United States Department of the Treasury has added Matveev to the list of individuals with whom it is unlawful to engage in financial transactions. In addition, the United States Department of State is offering a reward of ten million dollars for the apprehension and/or prosecution of Matveev; however, it is very improbable that either of these outcomes will occur so long as he remains in Russia.
In a conversation that took place in January 2021 on the leading Russian cybercrime forum, Matveev’s purported alter ego Wazawaka said that he had no intention of leaving the safety of “Mother Russia,” and that he did not want to travel outside of Russia at any point in the foreseeable future.
“Mother Russia will help you,” Wazawaka said in conclusion. “Love your country, and you will always find a way to get away with everything.”

According to the allegations made by the prosecutors, Matveev employed a dizzying stream of monikers on the cybercrime forums. One of them, “Boriselcin,” a loud and outspoken personality, is said to have been the public persona of Babuk, a ransomware affiliate program that emerged on New Year’s Eve 2020.
Previous investigations unearthed the fact that among Matveev’s aliases was one called “Orange,” who was the original creator of the RAMP ransomware forum. The acronym RAMP stands for “Ransom Anon Market Place,” and experts at the security company Flashpoint believe the forum was launched “directly in response to several large Dark Web forums banning ransomware collectives on their site following the Colonial Pipeline attack by ransomware group ‘DarkSide.’”
As was mentioned in the investigations into Matveev conducted the previous year, all of the alleged cybercriminal handles that he used were motivated by the same communitarian ideology: when organizations that were being held for ransom refused to cooperate or pay up, any data stolen from the victim should be published on Russian cybercrime forums for all to plunder, rather than being privately sold to whoever offered the highest price. Matveev has also been added to the Most Wanted list maintained by the FBI. The ransomware perpetrator was subject to sanctions from the Treasury Department. The United States Department of State is prepared to provide a reward of up to ten million dollars for information that leads to the man’s capture.