Canadian police arrest suspected LockBit ransomware gang operator

Canadian police have arrested a Russian citizen who they say is one of the world’s most prolific ransomware operators behind the LockBit ransomware gang. If true the arrest could be a big blow to the organization.

In a news release today, the European Multidisciplinary Platform Against Criminal Threats (EMPACT) said the man was arrested October 26th in an unnamed Ontario city, following an investigation led by the French National Gendarmerie (Gendarmerie Nationale), with the support of Europol, the RCMP, and the FBI.

The 33-year old Russian national is believed to have deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups around the world, the release said. He is known for his extortionate ransom demands ranging between €5 to €70 million.

UPDATE: The EMPACT release didn’t name the man. However, the U.S. Justice Department issued a release saying Mikhail Vasiliev, 33, of Bradford, Ont. is in custody in Canada and is awaiting extradition to the United States. Bradford is a town of about 24,000 less than an hour’s drive north of Toronto.

He is charged by the U.S. with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum of five years in prison.

“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said U.S. Deputy Attorney General Lisa Monaco. “It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats. Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals.”

This arrest is the follow-up to an action carried out in Ukraine in October which led to the arrests of two of his accomplices, the release said.

During the arrest Canadian police seized eight computers, 32 external hard drives, and €400 000 in cryptocurrencies, police said.

The arrest is significant, said Brett Callow, a British Columbia-based threat researchers with Emsisoft. “Ransomware groups do not exist in a vacuum – they work with access brokers, money launderers, etc. – and this person could be a valuable source of information that will result in the arrest of others. Also, this may well be the end of LockBit. The operation is effectively compromised and other cybercriminals will no longer trust it.”

According to researchers at BlackBerry, LockBit ransomware has been implicated in more cyberattacks this year than any other ransomware, making it the most active ransomware in the world.

LockBit victims pay an average ransom of approximately $85,000, BlackBerry said, indicating that LockBit targets small-to-medium-sized organizations.

LockBit was first seen in September 2019. Since then, it has evolved: LockBit 2.0 appeared in 2021; LockBit 3.0, the current version, was discovered in June 2022.

More to come.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs