Alleged Babuk Ransomware ‘Wazawaka’ Hacker Indicted in US

A Russian man the U.S. federal government says has been a key actor in Russian ransomware hacking faces indictment in two American jurisdictions, economic sanctions and a $10 million reward for information leading to his arrest.

See Also: OnDemand | Attack Surface Management 2.0: Leveraging Vulnerability Analytics & Threat Intelligence

The man, Mikhail Matveev, 31, aka Wazawaka, was a central figure of the Babuk ransomware-as-a-service gang. Babuk became inactive shortly after hacking in 2021 the Washington, D.C. Metropolitan Police Department, demanding $4 million in extortion and subsequently dumping what the group said was 250 gigabytes of law enforcement data. A Washington grand jury indicted Matveev on two felony charges connected with the incident.

Federal prosecutors in New Jersey say in a four-count indictment that Matveev also deployed LockBit and Hive ransomware. Their indictment accuses the hacker of using LockBit encryption in June 2020 against a law enforcement agency in Passaic County, and in May 2022 attacking a nonprofit behavorial healthcare organization in Mercer County with Hive ransomware.

“From his home base in Russia, Matveev allegedly used multiple ransomware variants to attack critical infrastructure around the world, including hospitals, government agencies, and victims in other sectors,” said Assistant Attorney General Kenneth A. Polite, Jr. of Justice’s Criminal Division.

The Department of Justice says ransomware demands from the three groups adds up to as much as $400 million, with actual payments amounting to up to $200 million. Federal agents infiltrated Hive and in January assisted in a multinational law enforcement operation to take control of its infrastructure (see: FBI Seizes Hive Ransomware Servers in Multinational Takedown).

The Treasury Department added Matveev to a sanctions blacklist preventing U.S. persons from transacting with him and subjecting his assets to seizure. The department said Matveev currently resides in Kaliningrad, a Russian-controlled Baltic port city exclave. The FBI said he has ties to St. Petersburg and is known to travel between the locations. The State Department announced it will pay up to $10 million for information leading to his arrest. Russia does not extradite its nationals and has long tolerated ransomware hackers operating within its borders. The federal government estimates that three quarters of known ransomware incidents have a connection to Russia.

“Matveev has been vocal about his illegal activities. He has provided insight into his cybercrimes in media interviews, disclosed exploit code to online criminals, and stated that his illicit activities will be tolerated by local authorities provided that he remains loyal to Russia,” the Treasury Department said.

Matveev responded to today’s flurry of federal activities in a comment to CNN sent over Twitter, in which he “replied with a video with a Russian man repeating the phrase, ‘I don’t give a f*** at all.'”

The ransomware hacker has cut a singular profile in the ransomware world, with cybersecurity reporter Brian Krebs reporting in early 2022 that other Russian cybercriminals believed that Matveev “lost his mind.”