A dual Russian and Canadian national has been arrested for his alleged involvement with the infamous LockBit ransomware gang.
Mikhail Vasiliev, 33, is accused of conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection to doing so. He was arrested in Ontario, Canada, on Nov. 9 and is awaiting an extradition hearing.
The U.S. Department of Justice claims that Vasiliev “participated in the LockBit campaign by conspiring with others to intentionally damage protected computers and to transmit ransom demands.”
Precisely what that is meant to mean, however, is unclear – there is no single “LockBit campaign,” and LockBit offers ransomware-as-a-service, meaning that LockBit attacks are not always undertaken by LockBit itself but by affiliates. Whether Vasiliev was an affiliate or was directly involved with the gang was not specified by the Justice Department.
A press release from Europol, who along with the Federal Bureau of Investigation and the Canadian Royal Mounted Police, led the investigation, provided some further details. Europol claims that Vasiliev “is known for his extortionate ransom demands” ranging from five million euros to 70 million euros. Hinting that he may have been acting as a LockBit affiliate, the statement says that he “deployed the LockBit ransomware to carry out attacks,” not that he was running the group or a direct member of the gang.
Canadian police are also said to have seized two firearms, eight computers, 32 external hard drives and 400,000 euros in cryptocurrency. “This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” Deputy Attorney General Lisa O. Monaco, said in a statement.
LockBit emerged in January 2020 and is believed to have been deployed against as many as 1,000 victims in the U.S. The Justice Department claims that LockBit members have made at least $100 million in ransom demands and have successfully extracted tens of millions of dollars from victims.
The gang was last in the news in August when they were knocked offline in a distributed denial-of-service attack, but have since fully recovered. LockBit has dozens of recent victims currently listed on its dark web blog (see picture above) – notable recent victims include Thales Group SA, Continental AG, the Chattanooga Housing Authority and Meiji Singapore.
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.