Uhodiransomwar

Threat Actor Profile Updated 2 months ago
Uhodiransomwar, also known as Mikhail Pavlovich Matveev, Wazawaka, m1x, and Boriselcin, is a threat actor who has been active since at least 2020. Matveev, a 30-year-old Russian national, is alleged to have participated in conspiracies to deploy three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted various entities including law enforcement agencies, government bodies, hospitals, and schools. As part of his operation, Matveev transmitted ransom demands in connection with each deployment, escalating the threat posed by these cyberattacks.

In May 2023, the U.S. Justice Department charged Matveev for his role in these multiple ransomware attacks. The indictment was obtained in the District of New Jersey and announced by the department, highlighting Matveev's alleged participation in separate conspiracies to deploy the aforementioned ransomware variants against victims both in the United States and abroad. His charges included conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers.

The U.S. government also imposed cyber-related sanctions on Matveev as part of its efforts to combat cybercrime. This move underscores the government's commitment to imposing consequences on significant actors within the cybercrime ecosystem. Notably, Matveev's alias "Uhodiransomwar" was spotted on the crime forum XSS, where he allegedly posted download links to databases from companies that refused to negotiate after five days. This activity further illustrates the extent and severity of Matveev's involvement in global ransomware campaigns.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Mikhail Pavlovich Matveev | 4 | Mikhail Pavlovich Matveev, a Russian national also known by the online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, is identified as a significant threat actor in the cybersecurity landscape. He is one of five Russians charged over their involvement with Lockbit, a group regarded as the w |
| Boriselcin | 3 | Mikhail Pavlovich Matveev, also known as Boriselcin, is a threat actor that has been implicated in significant cybercrime activities. Beginning at least as early as 2020, Matveev has been allegedly involved in deploying three ransomware variants: LockBit, Babuk, and Hive. These attacks targeted vari |
| M1x | 3 | M1x, also known as Wazawaka, Boriselcin, and Uhodiransomwar, is a threat actor identified as Mikhail Pavlovich Matveev. This individual has been allegedly involved in malicious cyber activities since at least 2020. Matveev's primary mode of operation involves the deployment of ransomware, specifical |
| Wazawaka | 3 | Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper |
| Mikhail Matveev | 1 | Mikhail Matveev, also known by his online pseudonyms "Wazawaka," "m1x," "Boriselcin," and "Uhodiransomwar," is a prominent figure in the world of cybercrime. Identified as a threat actor by the FBI, Matveev has been connected to multiple malicious activities, including being an affiliate of LockBit |
| Hive Ransomware | 1 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Russia
XSS (Cross S...
Ransom
Cybercrime
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Lockbit | Unspecified | 3 | LockBit is a type of malware, specifically ransomware, that infiltrates systems to steal data or disrupt operations, often demanding ransom in return for the release of the compromised data. Notable incidents include the LockBit ransomware gang claiming to have stolen and subsequently leaking data f |
| Hive | Unspecified | 2 | Hive, a notorious malware known for its destructive capabilities, has been used by cybercriminals to exploit and damage computer systems. One such instance involved the infamous Volt Typhoon, who exfiltrated NTDS.dit and SYSTEM registry hive data to crack passwords offline. This malicious software w |
| Babuk | Unspecified | 1 | Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, often leading to significant disruptions in operations. A notable instance of Babuk's destructive capabilities occurred on December 7th, when a printing company fell prey to the ransomware. The |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Uhodiransomwar Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Flashpoint | 2 months ago | COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware |
| CERT-EU | a year ago | US Offering $10M Reward for Russian Man Charged With Ransomware Attacks |
| CERT-EU | 10 months ago | District of New Jersey \| Russian National Charged with Ransomware Attacks Against Critical Infrastructure \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CSO Online | a year ago | Russian national indicted for ransomware attacks against the US |
| CERT-EU | a year ago | Who wants to be a millionaire by giving a tip to FBI about this hacker? |
| CERT-EU | a year ago | The Good, the Bad and the Ugly in Cybersecurity – Week 20 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting |
| CERT-EU | a year ago | $10M Reward For Arrest Of Russian Hacker |
| Krebs on Security | a year ago | Russian Hacker “Wazawaka” Indicted for Ransomware |
| Flashpoint | a year ago | COURT DOC: Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses |
| CERT-EU | a year ago | Help The DoJ Find This Russian Ransomware Hacker And You Could Score A $10M Bounty \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting |
| CERT-EU | a year ago | COURT DOC: Ransomware Charges Unsealed Against Russian National \| #ransomware \| #cybercrime – National Cyber Security Consulting |
| CERT-EU | a year ago | Russian man charged in ransomware attack on D.C. police \| #ransomware \| #cybercrime – National Cyber Security Consulting |
| CERT-EU | a year ago | Russian national charged with ransomware attacks against critical infrastructure |
| CERT-EU | a year ago | Russian Hacker “Wazawaka” Indicted for Ransomware - GIXtools |
| Flashpoint | a year ago | COURT DOC: Ransomware Charges Unsealed Against Russian National |
| Securityaffairs | a year ago | A Russian national charged for committing LockBit Ransomware attacks |