Mikhail Pavlovich Matveev (Russian: Михаил Павлович Матвеев), known online as Wazawaka, Boriselcin, and Uhodiransomwar, is a Russian national indicted by the U.S. Department of Justice on 16 May 2023 in two simultaneous federal cases.
Identification
Matveev was first publicly tied to ransomware operations by independent researcher Brian Krebs in January 2022, who documented Wazawaka's posts on Russian-language cybercrime forums describing LockBit and Babuk operations. The DOJ indictment formalised the attribution, charging him in the District of New Jersey and Eastern District of New York with:
- Conspiracy to transmit ransom demands
- Conspiracy to damage protected computers
- Intentional damage to a protected computer
Matveev was attributed to attacks on U.S. law enforcement agencies in Washington, D.C., a New Jersey police department, and healthcare and educational entities across the United States.
Sanctions and bounty
- U.S. OFAC SDN designation issued the same day as the indictment.
- $10 million State Department reward under the Transnational Organized Crime Rewards Program.
In an interview shortly after the indictment, Matveev gave a public response from his apartment in Khanty-Mansiysk, Russia, displaying a passport on camera and stating that he had "no plans to leave the country."
Why it matters
The Matveev case established the DOJ template for charging individual affiliates rather than waiting to dismantle entire franchises. The indictment language explicitly framed the ransom payments as wire fraud and the targeting of protected computers as federal crimes — a precedent that has since been re-applied to a dozen other named individuals.
The simultaneous OFAC sanction was also load-bearing: it made paying a ransom to a Matveev-attributed strain a potential OFAC violation for the victim, putting victim organisations on notice that the legal status of ransom payments now depends on attribution.