Exploring Wazawaka: A Deep Dive into the Cybercrime World

In today’s hyper-connected world, the specter of cyber threats looms large. From small businesses to government agencies, no one is immune to these digital predators.

Among the various cybercriminals that have emerged, one name stands out – Wazawaka.

Known for his cunning and relentless attacks, this Russian ransomware hacker has left an indelible mark on the landscape of global cybersecurity.

This blog post aims to delve into Wazawaka’s activities, dissect his tactics, and most importantly, draw lessons from these incidents to bolster our defenses.

Join us on this journey as we navigate the murky waters of cybercrime and strive to create a safer digital world.

Unmasking Wazawaka: The Real Identity Behind A String of Ransomware Attacks

Russian hacker Wazawaka, whose real identity is Mikhail Pavlovich Matveev, has been indicted by the US Justice Department for his involvement in three different ransomware groups.

These groups extorted hundreds of millions of dollars from companies, hospitals, schools, and government agencies across the globe.

The damage caused by these ransomware attacks is staggering. It is estimated that hundreds of millions of dollars were extorted from the victims. This figure represents not only the ransoms paid to recover encrypted data but also the costs associated with system downtime, loss of productivity, and reputational damage.

The indictment of Wazawaka marks a significant development in the ongoing battle against cybercrime. It sends a clear message to other would-be hackers about the serious consequences of such activities.

Wazawaka Accused of Multiple High-Profile Ransomware Attacks

Matveev, using the aliases “Wazawaka” and “Boriselcin,” is accused of deploying ransomware on three occasions, namely against a law enforcement agency in Passaic County, New Jersey, a non-profit behavioral healthcare organization in Mercer County, New Jersey, and the Metropolitan Police Department in Washington, DC.

As a result, Matveev is facing charges of conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers, with a maximum sentence of over 20 years in prison.

While the US Department of Treasury has added Matveev to its list of persons unlawfully transacting financially, the US State Department has offered a $10 million reward for his apprehension and prosecution.

Despite these legal proceedings, Matveev is unlikely to be extradited while he remains in Russia.

Profile of the Notorious Ransomware Gang and Their Evolution Over the Past Few Years

While Matveev is a member of three ransomware groups, he is most infamous for his affiliation with Babuk, whose affiliate program, Wazawaka, was established on New Year’s Eve in 2020.

In addition to using “Boriselcin” as his online alias, Matveev also used “Orange,” the handle of the creator of RAMP (Ransom Anon Market Place), a ransomware forum that emerged as a response to Dark Web forums banning ransomware collectives.

Matveev’s group is known for its unique communitarian view, which suggests that any data stolen from a victim organization that declines to cooperate should be publicized on Russian cybercrime forums for others to plunder. This tactic marks a stark departure from the traditional approach of privately selling data for the highest bid.

Encrypting Networks and Demanding Bitcoin

Matveev’s group utilizes ransomware to encrypt the victim’s network, demanding payment in Bitcoin for the decryption key.

Most malware is delivered through phishing attempts or via drive-by downloads exploiting unpatched vulnerabilities. Once executed, the ransomware identifies and encrypts as many devices on the network as possible.

Once the ransomware’s encryption routine has encrypted files, they are rendered unusable until a decryption key is provided. With no viable backup or decryption key, the targeted organization must either pay the ransom or risk losing data.

In many cases, even after the ransom is paid, the perpetrators do not provide the decryption key, or they delete the files irreversibly.

International Manhunt: Law Enforcement Agencies Collaborate to Identify Key Members

Matveev’s arrest has been hindered by his location in Russia, which has yet to cooperate with international law enforcement agencies on cybercrime.

Nevertheless, the US Justice Department and international law enforcement agencies are collaborating with experts to prevent future attacks.

These efforts are necessary to protect individuals, businesses, and critical infrastructure from cybercrime, which is growing increasingly sophisticated and dangerous.

Lessons Learned: Bolstering Global Cybersecurity

The activities of prolific ransomware hackers like Wazawaka have exposed the vulnerabilities in our global cybersecurity defenses.

Through a careful analysis of these incidents, we can glean valuable lessons and formulate effective strategies to bolster our digital fortifications.

Understanding the Threat Landscape

Cybersecurity is no longer a concern exclusive to tech companies or large corporations.

As Wazawaka’s attacks have shown, any entity, be it a law enforcement agency, a non-profit organization, or a small business, can fall victim to these cyber threats.

Recognizing this universal vulnerability is the first step towards building a robust defense strategy.

Implementing Basic Security Practices

One of the key lessons from Wazawaka’s exploits is the importance of establishing basic security practices.

This includes requiring strong passwords, setting up multi-factor authentication, and regularly updating and patching software.

Such measures can significantly reduce the risk of falling prey to phishing attempts or software exploitation, which are common tactics used by hackers like Wazawaka.

Developing a Collaborative Defense Strategy

The fight against cyber threats cannot be shouldered by individual entities alone. It demands a collaborative approach, involving governments, businesses, and individuals.

As the National Cybersecurity Strategy suggests, significant progress can be achieved through collective defense efforts.

Sharing information about potential threats, coordinating responses to attacks, and pooling resources to enhance cybersecurity infrastructure can all contribute to a more resilient digital ecosystem.

Investing in Cyber Defense Agencies

Cyber defense agencies like CISA play a crucial role in preparing for, responding to, and mitigating the impact of cyberattacks.

By providing necessary resources and support to these agencies, we can strengthen our defenses against hackers like Wazawaka.

Prioritizing Cybersecurity in National Strategies

As the 2023 DOD Cyber Strategy and the Paraguayan National Plan of Cybersecurity highlight, incorporating cybersecurity as a key component in national strategies is crucial.

This can ensure a more comprehensive and proactive approach to tackling cyber threats, thereby enhancing national security.


The tactics employed by Wazawaka serve as a stark reminder of the evolving nature of cyber threats.

However, they also provide valuable insights into how we can bolster our global cybersecurity defenses.

By learning from these incidents and implementing the above recommendations, we can build a more secure digital world.