Russian Cybercriminal Connected to LockBit and Hive Ransomware Arrested

Russian authorities have arrested Mikhail Pavlovich Matveev, a cybercriminal linked to the LockBit and Hive ransomware operations, who is also wanted in the United States.

Russian media outlet RIA Novosti reports that Matveev is accused of developing malicious software designed to encrypt victims’ files and extort ransom payments in exchange for decryption keys.

“The investigator has collected sufficient evidence, and the criminal case, with an indictment signed by the prosecutor, has been submitted to the Central District Court of Kaliningrad for trial,” stated the Russian Ministry of Internal Affairs.

Matveev faces charges under Part 1 of Article 273 of Russia’s Criminal Code, which pertains to creating, using, or distributing programs that can disrupt or alter computer information.

The U.S. government indicted Matveev in May 2023, accusing him of orchestrating ransomware attacks on thousands of victims globally. Known by aliases such as Wazawaka, m1x, Boriselcin, Uhodiransomwar, and Orange, Matveev is notorious for his cybercrime activities.

He has openly boasted about his crimes, claiming that local authorities would overlook his activities as long as he remains loyal to Russia. The U.S. Treasury has sanctioned him, and a reward of up to $10 million has been offered for information leading to his arrest or conviction.

A report from Swiss cybersecurity firm PRODAFT alleges that Matveev led a team of six penetration testers to execute ransomware campaigns. He has worked as an affiliate for groups including Conti, LockBit, Hive, Trigona, and NoEscape. Additionally, he held a management role in the Babuk ransomware group until early 2022 and is believed to have ties with the Russian cybercrime syndicate Evil Corp.

This arrest follows the sentencing of four members of the defunct REvil ransomware group in Russia last month on hacking and money laundering charges.