The Russian government has confirmed the indictment of a 32-year-old resident whom authorities accuse of creating and launching ransomware attacks. Russian prosecutors said last week that they charged the unnamed hacker, who lives in the Russian province of Kaliningrad, with the creation of ransomware to gain “illegal profit.”
The arrest of a suspected ransomware member from inside Russia’s borders is rare, though not unheard of. The Russian government has a long history of shielding its citizens from U.S. law enforcement actions, including indictments and extraditions associated with cybercrime.
In a brief statement last week, the Kaliningrad prosecutor’s office confirmed it filed criminal charges against the individual with the local courts. The prosecutor’s statement said authorities established in January 2024 that the accused hacker “planned to use the malicious program to encrypt the data of commercial organizations with the subsequent receipt of a ransom for decryption,” describing how hackers deploy ransomware.
Authorities did not name the suspected ransomware hacker. Russian media outlet RIA named the suspect as Mikhail Matveev, a 32-year-old resident of Kaliningrad, who is on the FBI’s most wanted list for allegedly launching ransomware attacks against U.S. companies.
U.S. authorities previously linked Matveev, who is currently the subject of a $10 million U.S. State Department bounty for information leading to his arrest, to the Babuk, Hive, and LockBit ransomware gangs. Matveev previously told TechCrunch that he “burned” his passport to avoid getting caught while traveling overseas by a country that has an extradition treaty with the United States, which Russia does not. Matveev also told TechCrunch that sanctions issued against him by the U.S. government mean that Russia would likely not deport him to the United States to face justice.
Matveev did not respond to a message sent by TechCrunch on Monday. An X account known to be run by Matveev last posted on December 1, the first post on the account since mid-October.
Spokespeople for the Russian government in Moscow and the Russian embassy in Washington DC did not return emails requesting comment. The FBI did not comment Monday on the report of Matveev’s arrest.
U.S. government officials have long accused Russia of taking little action against cybercriminals who operate within its borders. U.S. intelligence chiefs reiterated earlier this year that the U.S. and its allies would continue to experience ransomware attacks because Russia provides “safe haven” to hackers who target Western businesses and governments.
The arrest — and public disclosure of it — of a ransomware operator in Russia is rare. Russian authorities arrested several members of the REvil ransomware gang in 2022, weeks after a cyberattack by the gang on Colonial Pipeline, a major gas and oil pipeline that runs up the U.S. east coast. The cyberattack resulted in major disruption to gas and fuel supplies for more than a week. In a rare statement at the time, the Russian Federal Security Service (known as the FSB) said it “neutralized” the hackers’ infrastructure, effectively shutting down the ransomware operation.
Security researchers say that 2024 is on track to become a record-breaking year for profits from ransomware attacks, and ransomware will likely become a major priority for the second Trump administration, which is set to take office in January.