HIVE/LockBit Ransomware Actor Arrested by Russian Authorities

By Daniel Lopez

Western law enforcement agencies cannot catch ransomware actors working inside Russia, so these threat actors can operate without fear of arrest as long as they don’t attack targets in Russia or the Commonwealth of Independent States (CIS). Nevertheless, Russian media reported the arrest in Russia of an alleged member of multiple ransomware groups.

RIA Novosti reported that Russian authorities arrested a “programmer” sought by the Federal Bureau of Investigation (FBI) in connection with ransomware attacks in the U.S. In May 2023, Mikhail Pavlovich Matveev, an alleged Russian cybercriminal, was charged by the U.S. Department of Justice (DoJ) for being a key figure in three ransomware groups.

Matveev was accused in the United States in connection with ransomware attacks on hospitals and schools, the U.S. government, a police department in Washington D.C., a law enforcement agency, and a behavioral healthcare company in New Jersey. Matveev is a member of the LockBit, Hive, and Babuk ransomware groups. He is alleged to have issued ransom demands of over $400 million and received as much as $200 million in ransom payments from June 2020 to May 2023.

Matveev, also known as Wazawaka, Boriselcin, m1x, and Uhodiransomwar, faced the following charges in the United States: conspiracy to transfer ransom demands, conspiracy to destroy secured computers, and deliberately destroying protected computers. He faces a 20-year prison term if captured and convicted in a court of law. In May 2023, the U.S. State Department, through the Transnational Organized Crime Rewards Program (TOCRP), offered a $10 million reward for information leading to the capture and indictment of Matveev.

It’s not easy to indict Russian cybercriminals and ensure justice is served for their crimes. Because there is no extradition treaty between the United States and Russia, it is improbable that Russian cybercriminals will be charged in the U.S. unless they travel outside their country. Russia does not care about ransomware actors who execute attacks in the West, as long as they don’t launch attacks in Russia or the CIS states. Matveev held that view when he stated publicly that local authorities tolerate his activities as long as he is faithful to Russia. It would seem that his confidence was misplaced.

According to Russian media, the Kaliningrad Interior Ministry, together with the prosecutor’s office, confirmed an investigation in January in which Matveev was charged with creating ransomware to encrypt data and issuing ransom demands to victims for decrypting their files. Matveev was accused of violating the Criminal Code of the Russian Federation. He is awaiting trial in Kaliningrad, with the case to be considered on its merits given “a sufficient evidence base”.

Although Russia has previously taken action against people alleged to have carried out ransomware attacks, including four alleged REvil ransomware group members sentenced to 4 to 6.5 years in October 2024, ransomware attacks are rarely criminally prosecuted. It is uncertain what prompted the investigation and indictment. Although Matveev appears likely to face justice if convicted, extradition to the U.S. to face charges (such as HIPAA violations) is not possible.


Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years of experience as a HIPAA coach. Daniel provides his HIPAA expertise to several publications, including Healthcare IT Journal and The HIPAA Guide. Daniel studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X: https://twitter.com/DanielLHIPAA