The Russian government has confirmed the indictment of a 32-year-old resident whom authorities accuse of creating and launching a ransomware attack. Russian prosecutors announced last week that they had charged an unnamed hacker in Russia's Kaliningrad Oblast with creating ransomware to obtain “illegal profits.”
The arrest of suspected ransomware members within Russia's borders is uncommon, but not unheard of. The Russian government has a long history of protecting its citizens from actions by U.S. law enforcement, including prosecution and extradition related to cybercrime.
In a short statement last week, the Kaliningrad Prosecutor's Office confirmed that it had filed criminal charges against the individual in the district court. In the prosecutors' statement, authorities said that in January 2024 the suspected hacker “planned to use a malicious program to encrypt the data of a commercial organization and then receive a ransom for decryption,” a description of how hackers deploy ransomware.
Authorities have not released the name of the suspected ransomware hacker. Russian media outlet RIA named the suspect as Kaliningrad resident Mikhail Matveev, 32, who is on the FBI's most wanted list for allegedly launching ransomware attacks against American companies.
U.S. authorities previously linked Matveev (who is currently the subject of a $10 million reward from the U.S. State Department for information leading to his arrest) to the ransomware groups Babuk, Hive, and LockBit. Matveev previously told TechCrunch that he “burned” his passport to avoid being captured by a foreign country that has an extradition treaty with the United States (Russia does not). Matveev also told TechCrunch that Russia likely will not deport him to the United States to stand trial due to sanctions the U.S. government has imposed against him.
Matveev did not respond to messages sent by TechCrunch on Monday. The last tweet posted by the X account known to be run by Matveev was on December 1st, and it was the account's first post since mid-October.
A Russian government spokesperson in Moscow and the Russian embassy in Washington, D.C., did not respond to emails seeking comment. The FBI did not comment Monday on reports of Matveev's arrest.
FBI wanted poster for Mikhail Matveev. Image credit: FBI / Department of Justice
U.S. officials have long accused Russia of doing little to combat cybercriminals operating within its borders. U.S. intelligence chiefs reiterated earlier this year that the United States and its allies will continue to face ransomware attacks as Russia provides a “safe haven” for hackers targeting Western businesses and governments.
It is rare for the arrest of a ransomware operator in Russia to be made public. Russian authorities arrested several members of the REvil ransomware gang in 2022, weeks after the gang's cyberattack on Colonial Pipeline, a major gas and oil pipeline that runs along the East Coast of the United States. The cyberattack caused major disruptions to gas and fuel supplies for more than a week. Russia's Federal Security Service (FSB) said in an unprecedented statement at the time that it had “neutralized” the hackers' infrastructure and effectively halted the ransomware campaign.
Security researchers say 2024 is on track to be a record year for profits from ransomware attacks, and ransomware is likely to be a key priority for the second Trump administration, which takes office in January.