On May 16, 2023, Mikhail Matveev, a Russian national, was sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) for creating and spreading multiple ransomware strains, with estimated losses of up to $200 million for the victims. At the same time, the Department of Justice (DOJ) indicted Matveev on various charges. The U.S. State Department is offering a reward of up to $10 million for information leading to his arrest or conviction.
Mikhail Matveev, 31, is known for his role in developing the Babuk ransomware strain and its Ransomware-as-a-Service (RaaS) affiliate program. He has also deployed the LockBit and Hive ransomware strains against victims. Matveev operated under different aliases, such as “Wazawaka,” “Boriselcin,” and “Uhodiransomwar,” on cybercriminal forums.
The U.S. indictment says that Matveev and his co-conspirators used these types of ransomware to attack thousands of victims in the United States and worldwide. These victims include law enforcement, government agencies, hospitals, and schools. Total ransom demands allegedly made by the members of these three global ransomware campaigns to their victims amount to as much as $400 million, while total victim ransom payments amount to as much as $200 million.
Matveev openly flaunted his ransomware activities and expressed his financial motivations in interviews. He once stated, “There is no such money anywhere as there is in ransomware.”
According to the FBI, Matveev has ties to Kaliningrad and St. Petersburg, Russia, and is known to travel between the two locations. In addition, Matveev has previously traveled to Thailand.
Regarding the OFAC sanctions, Matveev’s entry on the Specially Designated Nationals (SDN) list does not currently include cryptocurrency addresses. However, if Chainalysis identifies any addresses connected to Matveev, they will be appropriately labeled.
If you have any information about Mikhail Matveev, please let us know through our whistleblower system, Whistle42.