After facing sanctions, Matveev infamously mocked U.S. law enforcement by sharing an image of his wanted poster on a t-shirt.

Mikhail Pavlovich Matveev, a notorious Russian cybercriminal associated with major ransomware operations like LockBit and Hive, has been arrested by Russian authorities.

His criminal activities include notable attacks on a New Jersey law enforcement agency in June 2020 and the Washington D.C. Metropolitan Police Department in April 2021.

He faces serious charges under Russian law for creating and distributing malicious software, specifically under Part 1 of Article 273 of the Russian Criminal Code.

The U.S. government indicted Matveev in May 2023 for orchestrating ransomware attacks against thousands of victims globally, including law enforcement and healthcare organizations.

Matveev's connections extend to several ransomware groups, including Conti, LockBit, Hive, and Babuk, and he is also linked to the Ramp hacking forum.

While Matveev's arrest could disrupt various ransomware operations, his extradition to the U.S. remains uncertain due to geopolitical tensions.

Matveev has been sanctioned by the U.S. Treasury Department for his involvement in cyberattacks that have significantly impacted U.S. infrastructure, with estimates suggesting he extorted over $75 million in ransom payments.

He has maintained a vocal online presence, boasting about his cybercriminal exploits and engaging with cybersecurity professionals.

Matveev is accused of developing ransomware designed to encrypt files and extort ransom payments from commercial organizations.

His arrest comes shortly after the sentencing of four members of the now-defunct REvil ransomware operation in Russia for hacking and money laundering.

Operating under various online aliases, including Wazawaka and m1x, Matveev has built a reputation in the cybercrime community.