Hacker arrest

Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide.

The suspect was arrested in Ontario, Canada, last month following an investigation led by the French National Gendarmerie with the help of Europol's European Cybercrime Centre (EC3), the FBI, and the Royal Canadian Mounted Police (RCMP).

"One of the world's most prolific ransomware operators has been arrested on 26 October in Ontario, Canada," Europol said today.

"A 33-year old Russian national, the suspect is believed to have deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups across the world."

Law enforcement agents also seized eight computers and 32 external hard drives, two firearms, and €400,000 worth of cryptocurrency from the suspect's home.

Europol added that this LockBit operator "was one of Europol's high-value targets due to his involvement in numerous high-profile ransomware cases," and he is known for trying to extort victims with ransom demands between €5 and €70 million.

While Europol describes the suspect as an 'operator' of the LockBit ransomware, he is likely an affiliate rather than a manager of the cybercrime operation.

Furthermore, the public-facing LockBit representative known as 'LockBitSupp' was posting in hacker forums as recently as yesterday.

Charged for participation in LockBit ransomware attacks

The U.S. Department of Justice (DOJ) said in a press release published today that the 33-year-old suspect's name is Mikhail Vasiliev, a dual Russian and Canadian national from Bradford, Ontario, Canada. 

According to the criminal complaint, in an August 2022 search of his home, Canadian law enforcement also found screenshots of Tox exchanges with 'LockBitSupp,' instructions on how to deploy LockBit's Linux/ESXi locker and the malware's source code, as well as "photographs of a computer screen showing usernames and passwords for various platforms belonging to employees of a LockBit victim in Canada, which suffered a confirmed LockBit attack in or about January 2022."

He is now awaiting extradition to the United States for his alleged participation in the LockBit global ransomware campaign.

Vasiliev was charged with conspiracy to transmit ransom demands and to intentionally damage protected computers. He faces a maximum of five years of incarceration if convicted.

"This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," Deputy Attorney General Lisa O. Monaco said today.

"It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats." 

Stream of ransomware operator arrests

This arrest follows a similar action in Ukraine in October 2021 when a joint international law enforcement operation involving the FBI, the French police, and the Ukrainian National Police led to the arrest of two of his accomplices.

While announcements from Europol and the Ukrainian police described the suspects as members of a top-tier ransomware gang, Europol told BleepingComputer at the time that they could not name the group for operational reasons.

"Both these individuals were part of the same group which focused not only on ransom attacks, but also laundered criminal funds," Europol said.

Both suspects were arrested in Kyiv, Ukraine, with one of them described as a 25-year-old male "hacker."

Last year, the Ukrainian police also arrested other suspects believed to be members of the Clop and Egregor ransomware operations.

Europol also announced in October 2021 that law enforcement agencies apprehended 12 suspects in Ukraine and Switzerland believed to be linked to LockerGoga, MegaCortex, and Dharma ransomware attacks that affected more than 1,800 victims in 71 countries.

Update November 10, 12:13 EST: Added more info from DOJ press release and criminal complaint.
