Russian Hacker “Wazawaka” Indicted for Ransomware – Krebs on Security


A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. “Wazawaka” and “Boriselcin,” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

An FBI wanted poster for Matveev.

Indictments returned in New Jersey and the District of Columbia allege that Matveev was involved in a conspiracy to distribute ransomware from three different strains or affiliate groups, including Babuk, Hive and LockBit.

The indictments allege that on June 25, 2020, Matveev and his LockBit co-conspirators deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey. Prosecutors say that on May 27, 2022, Matveev conspired with Hive to ransom a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Meanwhile, the U.S. Department of Treasury has added Matveev to its list of persons with whom it is illegal to transact financially. Also, the U.S. State Department is offering a $10 million reward for the capture and/or prosecution of Matveev, although he is unlikely to face either as long as he continues to reside in Russia.

In a January 2021 discussion on a top Russian cybercrime forum, Matveev’s alleged alter ego Wazawaka said he had no plans to leave the protection of “Mother Russia,” and that traveling abroad was not an option for him.

“Mother Russia will help you,” Wazawaka concluded. “Love your country, and you will always get away with everything.”

In January 2022, KrebsOnSecurity published Who’s the Network Access Broker ‘Wazawaka,’ which followed clues from Wazawaka’s many pseudonyms and contact details on the Russian-language cybercrime forums back to a 33-year-old Mikhail Matveev from Abaza, RU (the FBI says his date of birth is Aug. 17, 1992).

A month after that story ran, a person who appeared similar to the social media photos for Matveev began posting on Twitter a series of bizarre selfie videos in which he lashed out at security journalists and researchers (including this writer), while using the same Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance.

“Hi there Brian Krebs! You probably did a very nice job really, very well, fucking nice — it’s nice that journalism works so well in the US,” Matveev said in one of the videos. “By the way, it’s my voice in the background, I just love myself a lot.”

Prosecutors allege Matveev used a dizzying stream of monikers on the cybercrime forums, including “Boriselcin,” a talkative and brash personality who was simultaneously the public persona of Babuk, a ransomware affiliate program that surfaced on New Year’s Eve 2020.

Earlier reporting here revealed that Matveev’s alter egos included “Orange,” the founder of the RAMP ransomware forum. RAMP stands for “Ransom Anon Market Place,” and analysts at the security firm Flashpoint say the forum was created “directly in response to several large Dark Web forums banning ransomware collectives on their site following the Colonial Pipeline attack by ransomware group ‘DarkSide.’”

As noted in last year’s investigations into Matveev, his alleged cybercriminal handles all were driven by a uniquely communitarian view that when organizations being held for ransom decline to cooperate or pay up, any data stolen from the victim should be published on the Russian cybercrime forums for all to plunder — not privately sold to the highest bidder.

In thread after thread on the crime forum XSS, Matveev’s alleged alias “Uhodiransomwar” could be seen posting download links to databases from companies that have refused to negotiate after five days.

Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces more than 20 years in prison.

Further reading:

Who’s the Network Access Broker “Wazawaka?”

Wazawaka Goes Waka Waka

The New Jersey indictment against Matveev (PDF)

The indictment from the U.S. attorney’s office in Washington, D.C. (PDF)
