Accused LockBit Ransomware Operator Arrested in CanadaRussian-Canadian Mikhail Vasiliev, May Face Up to 5 Years of Prison in the US
Police in Ontario arrested a dual Canadian and Russian national for acting as an affiliate to the LockBit ransomware-as-a-service gang. Mikhail Vasiliev, of Bradford, Ontario, now faces extradition to the United States, where federal prosecutors in New Jersey unsealed a criminal complaint accusing him of conspiracy to commit computer intrusion.
LockBit is among the most prolific ransomware groups, active since at least January 2020 and often pointed to as winner of the contest to succeed Conti as the world's most recognized digital extortion gang (see: Keys to LockBit's Success: Self-Promotion, Technical Acumen).
The complaint describes the Oct. 26 arrest of Vasiliev, 33, as occurring in his home's garage, where open web browser tabs on his laptop including a site named "LockBit Login." If convicted, he faces a maximum of five years in prison and a fine of $250,000, or twice the gross gains from his ransomware activities, whichever is greater. Canadian newspaper the National Post reports Vasiliev appeared in court Thursday on the extradition request, and his hearing was adjourned until next week. The newspaper says he is free on bail, subject to location monitoring by GPS.
The complaint says Canadian police conducted a search in August of Vasiliev's computing devices during which they discovered screenshots of encrypted messages exchanged on the Tox platform between him and someone named "LockBitSupp." Also on the devices were what appeared to instructions for how to deploy the LockBit encryptor and source code for a program designed to encrypt Linux-based systems. Investigators learned, the complaint states, that LockBit members have sought to expand their encryptor to function on the open-source operating system.
Europol released a statement stating police found two firearms, eight computers, 32 external hard drives and cryptocurrency worth 400,000 euros in Vasiliev's possession during the October raid. Investigators from the French National Gendarmerie, the FBI and Europol’s European Cybercrime Center worked with the Royal Canadian Mounted Police to investigate Vasiliev. An RCMP spokesman declined to comment.
Europol characterized Vasiliev's arrest as a follow-up to a 2021 international operation conducted by French, U.S. and Ukrainian police that resulted in the arrest in Ukraine of two ransomware operators.
LockBit this past summer released version 3.0 of its malware with a flourish that included a call to "Make Ransomware Great Again!"
"Cybercriminals who damage protected systems, exploit privileged information, or hold for ransom important files and data are a threat to our way of life," FBI-Newark Special Agent in Charge James E. Dennehy said in a statement. "The FBI will not stand idly by while companies and government entities are bled dry or while their systems are corrupted by these criminal opportunists."