Canada detains Russian national over LockBit attacks

Mikhail Vasiliev is 'one of the most prolific ransomware operators in the world'

Canadian authorities detain Russian national over LockBit ransomware attacks


A dual Russian-Canadian national has been taken into custody in Canada, on suspicion of playing a role in the LockBit ransomware attacks that have targeted vital infrastructure and industrial groups across the world since 2020.

Mikhail Vasiliev, 33, was taken into custody last month, according to a press release issued by the US Department of Justice (DOJ).

Vasiliev, who resides in Bradford, Ontario, is now awaiting extradition to the USA.

Due to his alleged participation in a large number of high-profile ransomware cases, he is referred to as one of the most prolific ransomware operators in the world. Europol has designated him as a high-value target.

Vasiliev is said to have demanded ransom payments of between €5 million and €70 million from victims.

Police seized eight computers, 32 external hard drives and €400,000 worth of cryptocurrencies from Vasiliev's house during his arrest.

They also discovered screenshots of Tox exchanges with 'LockBitSupp,' commands for deploying LockBit's Linux/ESXi locker, and the malware's source code, according to court documents.

They also found images of a computer screen with usernames and passwords for several platforms belonging to workers of a LockBit victim organisation in Canada, which was attacked near the start of the year.

"This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," US Deputy Attorney General Lisa Monaco said.

"Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals."

Vasiliev has been charged with purposefully harming protected systems and conspiring to send ransom demands. If found guilty, he could spend up to five years in jail.

The LockBit ransomware strain initially surfaced in or around January 2020, and has developed into one of the most destructive ransomware strains worldwide.

LockBit has been used against at least 1,000 victims worldwide since it first appeared, and attackers have demanded at least $100 million in ransom payments. They have received actual payments totalling tens of millions of dollars.

The FBI has been investigating LockBit since March 2020.

According to Europol, two other alleged LockBit members were detained in Ukraine in September.

Six investigators from the French Gendarmerie, four from the FBI, a prosecutor from the French Prosecution Office of Paris, two experts from Europol's European Cybercrime Centre (EC3) and one Interpol officer were deployed in the country to conduct joint investigative measures with the National Police of Ukraine.

Last year, the Ukrainian authorities detained other suspects who are thought to be members of the Clop and Egregor ransomware operations.