- Cyber Syrup
- Posts
- Russian Hacker Connected to LockBit and Hive Ransomware Arrested: Key Developments
Russian Hacker Connected to LockBit and Hive Ransomware Arrested: Key Developments
A Russian cybercriminal allegedly involved in the notorious LockBit and Hive ransomware operations has been arrested by Russian law enforcement authorities
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
Start learning AI in 2025
Everyone talks about AI, but no one has the time to learn it. So, we found the easiest way to learn AI in as little time as possible: The Rundown AI.
It's a free AI newsletter that keeps you up-to-date on the latest AI news, and teaches you how to apply it in just 5 minutes a day.
Plus, complete the quiz after signing up and they’ll recommend the best AI tools, guides, and courses – tailored to your needs.
Russian Hacker Connected to LockBit and Hive Ransomware Arrested: Key Developments
A Russian cybercriminal allegedly involved in the notorious LockBit and Hive ransomware operations has been arrested by Russian law enforcement authorities. The individual, Mikhail Pavlovich Matveev, has been implicated in developing malicious software designed to encrypt files and demand ransom payments for their decryption.
Who Is Mikhail Matveev?
Mikhail Matveev, known online by aliases such as Wazawaka, m1x, Boriselcin, Uhodiransomwar, and Orange, is a key figure in ransomware operations targeting thousands of victims worldwide. U.S. authorities charged Matveev in May 2023 for launching ransomware attacks on organizations in the U.S. and globally, allegedly causing extensive financial and operational damage.
Matveev's activities reportedly extended beyond being an affiliate for several ransomware groups, including:
Conti
LockBit
Hive
Trigona
NoEscape
He also held a management-level role in the Babuk ransomware group until early 2022 and has suspected ties to Evil Corp, another infamous Russian cybercrime group.
Public Admission of Crimes
Matveev has openly discussed his criminal endeavors in online forums, asserting that his actions have been tolerated by Russian authorities so long as he remained loyal to the country. His brazenness highlights the challenges of combating ransomware actors operating with tacit state approval.
Details of the Arrest
The Russian Ministry of Internal Affairs stated that Matveev has been charged under Part 1 of Article 273 of the Russian Criminal Code, which pertains to creating, using, and distributing computer programs that cause destruction, blocking, or modification of computer information. The case has now been forwarded to the Central District Court of Kaliningrad for further proceedings.
Evidence and Prosecution
Authorities claim to have collected sufficient evidence to charge Matveev with:
Developing and deploying ransomware.
Facilitating attacks against victims in exchange for ransom payments.
Managing a team of penetration testers to carry out these attacks.
U.S. Efforts to Prosecute Matveev
In addition to the charges in Russia, the U.S. Department of Justice has pursued Matveev for his role in ransomware attacks targeting American organizations. He was sanctioned by the U.S. Treasury Department and remains the subject of a $10 million reward under the U.S. State Department’s Rewards for Justice program for information leading to his arrest or conviction.
The charges include participating in ransomware attacks against critical infrastructure, businesses, and government agencies, emphasizing the extensive reach and impact of his operations.
Broader Context: Cybercrime Crackdowns in Russia
Matveev's arrest follows the sentencing of four members of the REvil ransomware gang in Russia. Convicted of hacking and money laundering charges, these individuals received prison sentences in what appears to be an effort by Russian authorities to demonstrate action against cybercrime. However, skepticism remains about whether these actions signify genuine efforts to curtail cybercriminal activities or are driven by other geopolitical motives.
Implications for Ransomware Operations
Matveev’s arrest and potential prosecution could have a significant impact on ransomware operations, particularly on groups with ties to Russian cybercriminals. His extensive connections to multiple ransomware gangs suggest that his removal from the ecosystem could disrupt ongoing campaigns and destabilize coordination among affiliates.
However, given the decentralized and resilient nature of ransomware operations, it is unlikely to completely eliminate the threat.
How to Protect Yourself and Your Organization
While efforts to prosecute high-profile cybercriminals like Matveev are crucial, organizations must take proactive steps to protect themselves from ransomware attacks:
Strengthen Cybersecurity Posture
Implement robust endpoint protection and firewalls.
Regularly update and patch software vulnerabilities.
Adopt Multi-Factor Authentication (MFA)
Require MFA for all employees to secure login credentials.
Conduct Employee Training
Educate staff on phishing tactics and social engineering scams to minimize human errors.
Backup Critical Data
Maintain regular backups of key systems and store them offline.
Monitor Network Activity
Use intrusion detection systems to identify and respond to suspicious activities.
Collaborate with Authorities
Report any ransomware attempts to local law enforcement and cybersecurity agencies.
Looking Ahead
Matveev’s arrest underscores the ongoing battle against ransomware operators and highlights the need for international collaboration to address the growing threat of cybercrime. While his apprehension is a step forward, it also serves as a reminder of the evolving tactics used by cybercriminals and the importance of staying vigilant in the face of persistent threats.