BREAKING NEWS – Mikhail Pavlovich Matveev, a prominent Russian cybercriminal known by aliases such as “Wazawaka” and “m1x,” was arrested in Russia on Thursday, June 4, 2026, following charges filed by the U.S. government. Matveev, 32, stands accused of orchestrating and participating in widespread ransomware attacks that collectively demanded hundreds of millions of dollars from victims worldwide.
The arrest, carried out by Russian authorities, marks a significant development in international efforts to combat sophisticated cybercrime. Matveev, a Russian national with ties to Kaliningrad and St. Petersburg, has been a central figure in the LockBit, Babuk, and Hive ransomware operations, which have terrorized businesses, government agencies, and critical infrastructure globally.
The Charges Against Mikhail Pavlovich Matveev
Mikhail Pavlovich Matveev faces multiple serious charges in the United States. In the U.S. District Court for the District of Columbia, he was charged with Intentional Damage to a Protected Computer; Threats Relating to a Protected Computer; and Aiding and Abetting. Separately, the U.S. District Court for the District of New Jersey charged him with Computer Intrusion and Conspiracy. These indictments, unsealed in December 2022, accuse Matveev of conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers.
The charges stem from his alleged involvement in highly organized ransomware campaigns. These operations typically involve gaining unlawful access to vulnerable computer systems, deploying malicious software to encrypt and steal data, and then demanding cryptocurrency payments in exchange for decrypting the data or refraining from releasing it publicly. Matveev was directly implicated in transmitting these ransom demands and using intimidation tactics, including threats to leak sensitive files, a strategy often employed by these groups.
“The arrest of Mikhail Pavlovich Matveev underscores the relentless global pursuit of cybercriminals, demonstrating that even those operating across borders will ultimately face justice for their devastating digital attacks.”
Scale of the Cybercrime Operations
The ransomware campaigns linked to Mikhail Pavlovich Matveev – LockBit, Babuk, and Hive – represent some of the most destructive cyberattacks in recent history. Collectively, these operations made ransom demands totaling as much as $400 million, with actual ransom payments from victims amounting to approximately $200 million.
The impact was catastrophic, affecting thousands of victims across the globe, including critical sectors in the United States. The Babuk variant, active from December 2020 to September 2021, executed at least 65 attacks worldwide, demanding around $49 million and receiving approximately $13 million. Matveev’s involvement in LockBit was even more extensive, with at least 1,400 attacks attributed to him and his co-conspirators, demanding roughly $100 million and receiving at least $75 million in payments. The Hive ransomware, which emerged in June 2021, executed at least 1,400 attacks globally, demanding approximately $270 million and securing up to $120 million in payments.
Victims ranged from law enforcement agencies, such as the Metropolitan Police Department in Washington, D.C., and a law enforcement agency in Passaic County, New Jersey, to hospitals, healthcare organizations, government entities, and countless private-sector companies. Schools, nonprofit organizations, and businesses across various industries also fell prey to these sophisticated digital extortion schemes.
Who Is Mikhail Pavlovich Matveev?
Mikhail Pavlovich Matveev, born on August 17, 1992, is a 32-year-old Russian national described as a prolific ransomware affiliate and a key figure in the cybercrime community. Operating under multiple aliases, including “Wazawaka,” “m1x,” and “Boriselcin,” Matveev has been a central player in the management and execution of major ransomware operations. While not affiliated with a legitimate company, he held management-level roles within the LockBit, Babuk, and Hive groups, even reportedly leading the Babuk ransomware group in 2022. Cybersecurity blogger Brian Krebs publicly identified Matveev as “Wazawaka” in January 2022, an identification Matveev later confirmed, often taunting researchers with exploit code and selfie videos.
Investigation Details
The investigation into Mikhail Pavlovich Matveev’s activities was a complex, multi-agency effort spanning several years. The Federal Bureau of Investigation (FBI) played a crucial role, tracing ransom payments to virtual currency addresses and intercepting communication logs to build a case that specifically linked Matveev to the Babuk ransomware incident against the Washington, D.C. Metropolitan Police Department in April 2021.
The U.S. Department of Justice (DOJ) spearheaded the legal proceedings, unsealing the two indictments against Matveev. Further pressure was applied by the U.S. Department of State, which offered a reward of up to $10 million for information leading to his arrest and/or conviction. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) also designated Matveev for sanctions in May 2023, effectively blocking his assets within U.S. jurisdiction and prohibiting U.S. persons from engaging in transactions with him.
This extensive investigation involved significant international collaboration with partners including Europol’s European Cybercrime Centre, Eurojust, the National Police Agency of Japan, France’s Gendarmerie Nationale Cyberspace Command, and the National Crime Agency, highlighting the global nature of both the crime and the pursuit of justice.
What Happens Next
With his arrest in Russia, Mikhail Pavlovich Matveev is now facing legal proceedings in his home country. Russian authorities have confirmed his indictment in Kaliningrad, where he is awaiting trial for violating the Criminal Code of the Russian Federation. Reports indicate he was released on bail following his arrest, with police confiscating some of his cryptocurrency holdings. Should he ever be apprehended and extradited to the United States, he faces a potential sentence of over 20 years in prison for the charges against him.
The U.S. indictments remain active, and the sanctions imposed by OFAC are still in effect, ensuring that any assets belonging to Matveev within the U.S. financial system remain frozen. This ongoing legal battle underscores the challenges and complexities of prosecuting international cybercriminals operating across sovereign borders.
Protecting Yourself from Ransomware Threats
The case of Mikhail Pavlovich Matveev serves as a stark reminder of the persistent and evolving threat of ransomware. Organizations and individuals must remain vigilant. Key preventative measures include promptly patching known vulnerabilities in software and systems, implementing strong access controls with multi-factor authentication, and maintaining robust data backup and recovery strategies to minimize the impact of an attack.
Furthermore, investing in proactive threat intelligence and cybersecurity training for employees can help identify and mitigate risks before they escalate. A comprehensive incident response plan is crucial for managing the aftermath of a breach effectively. The global scale of Matveev’s operations highlights that no entity is immune, and continuous vigilance is the strongest defense against such sophisticated cyber threats.




