Russian authorities have apprehended Mikhail Pavlovich Matveev, a prominent cybercriminal sought by U.S. law enforcement for his leadership role in the notorious LockBit and Hive ransomware campaigns. The case is now under review at Kaliningrad’s Central District Court.
Matveev, who operated under aliases including Wazawaka, m1x, and Orange, faces charges in Russia for developing malicious encryption software used in widespread ransomware attacks. His May 2023 U.S. indictment details his involvement in thousands of global ransomware incidents, leading the U.S. Treasury to place sanctions on him and offer a $10 million reward for information leading to his capture.
As a sophisticated cyber operator, Matveev commanded a team of six penetration testers and maintained affiliations with multiple ransomware groups, including Conti, LockBit, Hive, and Babuk. He also established connections with Evil Corp, a notorious Russian cybercrime organization. Reports suggest he claimed his operations were permitted by Russian authorities in exchange for loyalty.
This arrest follows a recent case where four REvil ransomware operators were sentenced in Russia for similar cybercrime activities, marking a significant development in the global fight against ransomware.