Mikhail Matveev, better known as Wazawaka, was in court last week.

Russian authorities have charged Mikhail Matveev, a notorious hacker known as Wazawaka, with creating malware used to extort commercial organizations, the Russian Interior Ministry announced last week.

Matveev, linked to ransomware groups such as Babuk, Conti, DarkSide, Hive, and LockBit, faces charges under Russia’s Criminal Code for the creation or distribution of software intended to damage or manipulate information systems. If convicted, Matveev could be sentenced to up to four years in prison or fined.

The developments were first reported by the Russian state news agency RIA Novosti. Subsequently, a cybersecurity-focused online community known as “club1337” claimed to have contacted Wazawaka, who confirmed the charges. Matveev reportedly admitted to paying two fines and having a large amount of his cryptocurrency seized. “He is currently out on bail, unharmed, and awaiting the next steps in the legal process,” club1337 reported.

Russia’s prosecution of Matveev is notable given the country’s historical reluctance to pursue cybercriminals who operate within its own borders, particularly those whose activities align with state interests or target foreign adversaries. However, Russia has made exceptions recently, aligning with a broader crackdown on cybercriminals. Several members tied to the REvil ransomware gang were arrested in 2022, with Russian court proceedings taking place in October.

Matveev’s case rose to prominence following his involvement in the April 2021 ransomware attack on Washington, D.C.’s Metropolitan Police Department, allegedly as a member of the Babuk group. The hackers claimed to have stolen over 250 gigabytes of sensitive data, threatening to release it unless a ransom was paid. This attack was part of a broader pattern of cybercrimes attributed to Matveev, who has been sanctioned and indicted by U.S. authorities. 

The FBI and State Department have offered up to $10 million for information leading to Matveev’s capture.

Matveev has been very vocal online about his activities, often displaying a cavalier attitude toward researchers or journalists who have exposed his work and expressing little concern about the U.S. charges. He publicly dismissed the sanctions as ineffective, musing about launching new cybersecurity projects in Russia aimed at preventing the FBI from recruiting young Russian talent.

Despite his notoriety, Matveev claimed to live an “ordinary life” in Russia, asserting in multiple interviews that he had never been approached by Russian law enforcement until the past few weeks. 
