The Russian government has confirmed the indictment of a 32-year-old resident, whom authorities accuse of creating and launching ransomware attacks. Russian prosecutors said last week that they charged the unnamed hacker, who lives in the Russian province of Kaliningrad, with the creation of ransomware to gain “illegal profit.”
The arrest of a suspected ransomware gang member from inside Russia’s borders is rare, though not unheard of. The Russian government has a long history of shielding its citizens from U.S. law enforcement actions, including indictments and extradition requests associated with cybercrime. This move marks a significant departure from Russia's usual stance, and its implications are being closely watched by cybersecurity experts and law enforcement agencies worldwide.
In a brief statement last week, the Kaliningrad prosecutor’s office confirmed it filed criminal charges against the individual with the local courts. The prosecutor’s statement said authorities established in January 2024 that the accused hacker “planned to use the malicious program to encrypt the data of commercial organizations with the subsequent receipt of a ransom for decryption,” describing how hackers deploy ransomware.
Although authorities did not name the suspected ransomware hacker, Russian media outlet RIA has identified the suspect as Mikhail Matveev, a 32-year-old resident of Kaliningrad, who is on the FBI’s most wanted list for allegedly launching ransomware attacks against U.S. companies. Matveev is currently the subject of a $10 million U.S. State Department bounty for information leading to his arrest.
U.S. authorities previously linked Matveev to the Babuk, Hive, and LockBit ransomware gangs. In a previous interview with TechCrunch, Matveev claimed that he “burned” his passport to avoid getting caught while traveling overseas by a country that has an extradition treaty with the United States — which Russia does not. Matveev also stated that the sanctions issued against him by the U.S. government mean that Russia would likely not deport him to the United States to face justice.
Matveev did not respond to a message sent by TechCrunch on Monday, and his social media activity has been sparse, with his last post on an X account known to be run by him dating back to December 1. Spokespeople for the Russian government in Moscow and the Russian embassy in Washington DC did not return emails requesting comment, and the FBI did not comment Monday on the report of Matveev’s arrest.
The arrest and public disclosure of a ransomware operator in Russia is a rare occurrence. Russian authorities arrested several members of the REvil ransomware gang in 2022, weeks after a cyberattack by the gang on Colonial Pipeline, a major gas and oil pipeline that runs up the U.S. east coast. The cyberattack resulted in major disruption to gas and fuel supplies for more than a week. In a rare statement at the time, the Russian Federal Security Service (known as the FSB) said it “neutralized” the hackers’ infrastructure, effectively shutting down the ransomware operation.
The implications of this arrest are significant, particularly in light of the growing threat of ransomware attacks. Security researchers say that 2024 is on track to become a record-breaking year for profits from ransomware attacks, and ransomware will likely become a major priority for the second Trump administration, which is set to take office in January. The move by Russian authorities may signal a shift in their stance on cybercrime, and could potentially pave the way for increased cooperation between Russia and the U.S. in combating ransomware attacks.
As the cybersecurity landscape continues to evolve, this rare move by Russia serves as a reminder that international cooperation is crucial in the fight against cybercrime. The arrest and indictment of Matveev may be a small step towards greater accountability for cybercriminals, but it is a significant one, and its impact will be closely watched in the coming months.