Russian Hacker “Wazawaka” Indicted for Ransomware – Krebs on Security


A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. “Wazawaka” and “Boriselcin,” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

An FBI wanted poster for Matveev.

Indictments returned in New Jersey and the District of Columbia allege that Matveev was involved in a conspiracy to distribute ransomware from three different strains or affiliate groups, including Babuk, Hive and LockBit.

The indictments allege that on June 25, 2020, Matveev and his LockBit co-conspirators deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey. Prosecutors say that on May 27, 2022, Matveev conspired with Hive to ransom a nonprofit behavioral healthcare organization headquartered in Mercer County, New Jersey. And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Meanwhile, the U.S. Department of Treasury has added Matveev to its list of persons with whom it is illegal to transact financially. Also, the U.S. State Department is offering a $10 million reward for the capture and/or prosecution of Matveev, although he is unlikely to face either as long as he continues to reside in Russia.

In a January 2021 discussion on a top Russian cybercrime forum, Matveev’s alleged alter ego Wazawaka said he had no plans to leave the protection of “Mother Russia,” and that traveling abroad was not an option for him.

“Mother Russia will help you,” Wazawaka concluded. “Love your country, and you will always get away with everything.”

In January 2022, KrebsOnSecurity published Who is the Network Access Broker ‘Wazawaka,’ which followed clues from Wazawaka’s many pseudonyms and contact details on the Russian-language cybercrime forums back to a 33-year-old Mikhail Matveev from Abaza, RU (the FBI says his date of birth is Aug. 17, 1992).

A month after that story ran, a man who appeared identical to the social media photos for Matveev began posting on Twitter a series of bizarre selfie videos in which he lashed out at security journalists and researchers (including this author), while using the same Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance.

“Hello Brian Krebs! You did a really great job actually, really well, fucking great — it’s great that journalism works so well in the US,” Matveev said in one of the videos. “By the way, it is my voice in the background, I just love myself a lot.”

Prosecutors allege Matveev used a dizzying stream of monikers on the cybercrime forums, including “Boriselcin,” a talkative and brash personality who was simultaneously the public persona of Babuk, a ransomware affiliate program that surfaced on New Year’s Eve 2020.

Previous reporting here revealed that Matveev’s alter egos included “Orange,” the founder of the RAMP ransomware forum. RAMP stands for “Ransom Anon Market Place,” and analysts at the security firm Flashpoint say the forum was created “directly in response to several large Dark Web forums banning ransomware collectives on their site following the Colonial Pipeline attack by ransomware group ‘DarkSide.’”

As noted in last year’s investigations into Matveev, his alleged cybercriminal handles all were driven by a uniquely communitarian view that when organizations being held for ransom decline to cooperate or pay up, any data stolen from the victim should be published on the Russian cybercrime forums for all to plunder — not privately sold to the highest bidder.

In thread after thread on the crime forum XSS, Matveev’s alleged alias “Uhodiransomwar” could be seen posting download links to databases from companies that have refused to negotiate after 5 days.

Matveev is charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces more than 20 years in prison.

Further reading:

Who is the Network Access Broker “Wazawaka?”

Wazawaka Goes Waka Waka

The New Jersey indictment against Matveev (PDF)

The indictment from the U.S. attorney’s office in Washington, D.C. (PDF)
