U.S. Offered $10M for Hacker Just Arrested by Russia – Krebs on Security
In January 2022, KrebsOnSecurity identified a man named Mikhail Matveyev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. A year later, the U.S. government indicted Matveyev as a top ransomware provider and offered a $10 million reward for information leading to his arrest. The Russian government reportedly arrested Matveyev last week and accused him of creating malware used to blackmail companies.
Matveyev is also known as “Wazawaka” and “boris star”. U.S. prosecutors say the group worked with at least three different ransomware gangs to extort hundreds of millions of dollars from companies, schools, hospitals and government agencies.
The Russian Ministry of Interior last week released a statement saying a 32-year-old hacker was charged with violating domestic laws regarding the creation and use of malware. The announcement did not name the defendant, but Russia’s state news agency RIA Novosti, quoting anonymous sources, said the detained man was Matveyev.
Matveyev did not respond to a request for comment. Darina Antoniuk at the Record reports that a security researcher said on Sunday that they had contacted Wazawaka, who confirmed he had been charged and said he had paid two fines, had his cryptocurrency confiscated and was out on bail pending trial.
As a hacker, Matveyev has been very public and talkative on many cybercrime forums. Soon after being identified as Wazawaka by KrebsOnSecurity in 2022, Matveyev posted multiple selfie videos on Twitter/X in which he acknowledged using the Wazawaka moniker and mentioned several security researchers by name (including the author of this article). Recently, Matveyev’s X profile (@ransomboris) posted a photo of a T-shirt bearing the U.S. government’s “wanted” poster for him.
The golden rule of Russian cybercrime has always been that as long as you never hack, extort or steal from Russian citizens or companies, you don’t have to worry about being arrested. Wazawaka claims he is passionate about adhering to this rule and makes it a personal and professional mantra.
“Don’t poop where you live, travel locally and don’t go abroad,” Wazawaka wrote on the Russian-language cybercrime forum Exploit in January 2021. “Mother Russia will help you. Love your country and you will always be free from everything.”
Still, Wazawaka may not always follow this rule. Wazawaka claimed several times during his career that he made a lot of money by stealing accounts from drug dealers on dark web drug bazaars.
Cyber intelligence company Intel 471 said Matveyev’s arrest raises more questions than answers and that Russia’s motives may go beyond what appears to be happening.
“This could be an extortion attempt by the Kaliningrad authorities against a local cyber thug with tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published on December 2. “No payment, trouble will come to you. But that’s usually something money can solve.”
Intel 471 said that while Russia’s court system is opaque, Matveyev may be open to proceedings, especially if he pays the toll and is allowed to continue his destructive actions.
“Unfortunately, none of this will mark meaningful progress against ransomware,” they concluded.
While Russia has not traditionally made significant efforts to pursue cybercriminals within its borders, this year it brought a series of charges against alleged ransomware actors. In January, four men linked to the REvil ransomware group were sentenced to lengthy prison terms. These men were among 14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.
Earlier this year, Russian authorities arrested at least two men suspected of running the short-lived Sugarlocker ransomware project in 2021. Alexander Yermakov and Mikhail Sheffield (now legally Mikhail Lenin) ran a security consulting company called Shtazi-IT. Shortly before his arrest, Yermakov became Australia’s first-ever sanctioned cybercriminal after he allegedly stole and leaked the data of nearly 10 million customers of Australian health giant Medibank.
In December 2023, KrebsOnSecurity identified Lenin as “rescuer,” the moniker used by cybercriminals who sold more than 100 million payment cards stolen from Target and Home Depot customers in 2013 and 2014. Lenin admitted in an interview with KrebsOnSecurity that he is Ray Carter and claimed his arrest in the Sugarlocker case was retaliation for reporting his former boss’s son to police.
Yermakov was sentenced to two years’ probation. But Antoniuk of the Record noted that on the same day that my interview with Lenin was published, a Moscow court declared him insane and ordered him to undergo compulsory treatment.
2024-12-04 14:08:45