Russia Arrests Alleged HIVE/LockBit Ransomware Actor Wanted by FBI
Ransomware actors operating within Russia are beyond the reach of Western law enforcement agencies and appear to operate without fear of arrest, providing they do not conduct any attacks within Russia or the Commonwealth of Independent States (CIS); however, a suspected member of multiple ransomware groups has been arrested in Russia, according to Russian media.
RIA Novosti has reported that a “programmer” wanted by the Federal Bureau of Investigation (FBI) in connection with U.S. ransomware attacks has been arrested by Russian authorities. Suspected Russian cybercriminal, Mikhail Pavlovich Matveev, was indicted by the U.S. Department of Justice (DoJ) in May 2023 and is alleged to have been a central figure in three ransomware groups.
Matveev was charged in the United States in connection with ransomware attacks on the U.S. government, hospitals, and schools, including a law enforcement agency and a behavioral healthcare provider in New Jersey, and a police department in Washington D.C. As a member of the LockBit, Hive, and Babuk ransomware operations, Matveev is alleged to have demanded ransoms in excess of $400 million and collected up to $200 million in ransom payments between June 2020 and May 2023.
Matveev, who used the monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, was charged in the United States with conspiracy to transmit ransom demands, conspiracy to damage protected computers, and intentionally damaging protected computers, and faces 20 years in prison if apprehended and found guilty by a court of law. In May 2023, the U.S. State Department offered a $10 million reward for information leading to the arrest and conviction of Matveev under the Transnational Organized Crime Rewards Program (TOCRP).
Indicting Russian cybercriminals is one thing, but ensuring they see justice for their crimes is another. Since there is no extradition treaty between Russia and the United States, it is unlikely that Russian cybercriminals will face charges in the United States unless they travel outside of Russia. Russia turns a blind eye to ransomware actors who conduct attacks in the West, provided they do not conduct any attacks in Russia or CIS states. That view was shared by Matveev, who stated publicly that his activities would be tolerated by local authorities provided he remains loyal to Russia. It would appear that his confidence was misplaced.
Russian media reports that the Kaliningrad Interior Ministry and the prosecutor’s office have confirmed that following a January investigation, Matveev has been accused of developing ransomware to encrypt files and data without the knowledge and consent of users with a view to issuing ransom demands for decryption. Matveev has been charged with violating the Criminal Code of the Russian Federation and now awaits trial in Kaliningrad, where the merits of “a sufficient evidence base” against Matveev will be considered.
While Russia has taken action against individuals suspected of conducting ransomware attacks in the past, including sentencing four suspected members of the REvil ransomware operation in October 2024 to between four and six and a half years, criminal prosecutions for ransomware attacks are rare. It is unclear what triggered the investigation and arrest, and while he looks likely to face justice if found guilty, extradition to the US to face charges is unlikely.


