In January 2022, KrebsOnSecurity exposed a Russian individual, known as “,” as a notorious cybercriminal deeply entwined in the development and operation of multiple ransomware syndicates. The U.S. Authorities issued an indictment against Matveev, charging him as a major player in the global ransomware underworld, one year after he went into hiding, offering a substantial reward of $10 million for information leading to his capture and subsequent arrest. Russian authorities reportedly arrested Matveev and filed charges against him for allegedly developing and deploying malware designed to coerce corporate entities into paying ransom demands.
Wanted: Ivan Matveev
The Federal Bureau of Investigation seeks information regarding Ivan Matveev, a person of interest in an ongoing investigation.
Height: 5’9″
Weight: 170 lbs
Hair: Brown
Eyes: Blue
Distinguishing Features: Scar above left eyebrow, missing middle finger on right hand
Last Seen: In the vicinity of downtown Moscow, Russia
If you have any information regarding Ivan Matveev’s whereabouts or activities, please contact your local FBI field office or submit a tip through our website.
Matveev, a.okay.a. “Wazawaka” allegedly collaborated with at least three distinct ransomware groups, forcing numerous entities – including corporations, schools, hospitals, and government agencies in the United States – to pay hundreds of thousands of dollars in ransoms. prosecutors allege.
Russian authorities have recently brought charges against a 32-year-old individual, accused of contravening domestic laws prohibiting the development and deployment of malicious software. According to reports from the Russian state-run information agency, unnamed sources claim that the individual detained in connection with the announcement is Matveev, although his name was not explicitly stated.
Matveev remained silent on requests for clarification. According to a statement made by a safety researcher on Sunday, Wazawaka confirmed being charged with an unspecified offense, having already paid two fines, had their cryptocurrency seized, and was released on bail pending trial.
Matveev’s hacker aliases have surprisingly boasted a high level of candor on various cybercriminal forums. Following his revelation of using the Wazawaka pseudonym, Matveev referenced several prominent security researchers by name, including this author. Not long ago, Matveev’s X profile (@ransomboris) posted an image of a T-shirt featuring the U.S. authorities’s “Needed” poster for him.
Matveev shared a tweet featuring an image of the Justice Division’s desired design for a t-shirt, showcasing their proposed poster for him. picture: x.com/vxunderground
In Russia, the unwritten rule of cybercrime is clear: avoid targeting Russian citizens and companies, and you’re unlikely to face prosecution. As a zealous advocate for his own high standards, Wazawaka habitually internalized the rule as a personal and professional creed.
“Don’t ruin where you live,” Wazawaka advised in a January 2021 post on the Russian-language cybercrime forum Exploit, “stay local, and don’t venture abroad.” Will Mom Russia offer assistance? “Love your country, and you’ll always find a way to thrive.”
Despite the initial intention, Wazawaka occasionally found itself deviating from that guideline nonetheless. Throughout his career, Wazawaka asserted that he had accumulated substantial profits by pilfering accounts from drug dealers on the darknet’s illicit narcotics marketplaces.
The cyber intelligence agency has posited that Matveev’s arrest poses more questions than answers, suggesting that Russia’s true motivations may extend beyond the surface-level events unfolding.
“It’s possible that this is a shakedown by Kaliningrad authorities against a neighborhood online criminal who possesses tens of millions of dollars’ worth of cryptocurrency,” the intelligence firm Intel 471 said in its analysis published last December. 2. The country’s deeply entrenched corruption ensures that nonpayment of dues inevitably attracts trouble at your doorstep. But more often than not, financial woes are solvable with a bit of extra capital.
While Intel 471 notes that Russia’s court system is notoriously opaque, it appears likely that Matveev will be forthcoming about the proceedings, particularly if he agrees to pay the required fee and is permitted to continue pursuing his malicious objectives.
Unfortunately, these efforts may ultimately fall short of achieving meaningful strides against the menace of ransomware.
Although Russia’s efforts to tackle cybercrime within its borders have been limited in the past, the country has recently taken a series of measures against alleged ransomware perpetrators. Four males linked to the REvil ransomware group were sentenced to extended prison terms in January. The team has been active online for several weeks prior to Russia’s invasion of Ukraine in 2022.
In early 2022, Russian law enforcement agencies detained at least two individuals suspected of operating a brief-lived ransomware scheme in 2021. And so, it is now legally binding. Prior to his arrest, Ermakov earned notoriety as the first-ever individual sanctioned by Australia for cybercrimes, with allegations he pilfered and disseminated sensitive information regarding nearly 10 million clients of major Australian healthcare provider Medibank.
In December 2023, Brian Krebs, aka KrebsOnSecurity, a renowned cybersecurity journalist, revealed that he was the target of a cybercriminal who exploited his website to promote over 100 million stolen credit cards obtained from clients of Goal and House Depot in 2013 and 2014. Last month, Shelton Shefeloglu, who had previously worked as an undercover agent under the alias “Rescator,” alleged that his arrest in connection with the Sugarlocker case was a form of retribution for his decision to report the son of his former boss to the authorities.
The court handed down a sentence of two-year probation to Ermakov. On the same day that an interview with Lenin was published, a Moscow court unexpectedly declared him mentally unfit, mandating compulsory treatment in a psychiatric institution, according to Antoniuk’s report for The File.
