Federal prosecutors on Thursday charged a dual Russian and Canadian citizen for his alleged participation in a global campaign to distribute ransomware known as LockBit.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody by authorities in Ontario in late October, Interpol officials said. He is now detained in Canada pending extradition to the US.
Federal prosecutors alleged that Vasiliev helped infect networks around the world with LockBit. Officials at Europol said he is one of the law enforcement group’s most valuable targets due to the high number of high-profile ransomware attacks in which he has been involved.
LockBit was first spotted in September 2019 and quickly stood out among competing ransomware families. While most are operated manually, LockBit has largely automated its tasks, a feature that allowed it to propagate with minimal human oversight after the initial point of compromise. To date, it has been used against more than 1,000 organizations in the US and around the world.
LockBit is sold in underground brokerage forums that often require sellers to make a deposit that customers can get back in the event the goods don’t perform as advertised. As a testament to their confidence and determination, the LockBit merchants had paid out nearly $75,000 as of May 2020.
Like most other modern ransomware, LockBit operates on a RaaS (shorthand for ransomware-as-a-service) model, in which ransomware developers rent out their ransomware to partners who receive a portion of the ransom from successful attacks. As is the case with most ransomware today, LockBit operates on a dual extortion scheme. Victims who don’t pay lose access to gigabytes or terabytes of files and see their private data circulating on a site on the dark web, where anyone can find it.
Vasiliev is charged with conspiracy to intentionally damage secure computers and to make ransom demands. If convicted, he faces up to five years in prison. It is not known if and when the suspect will make a plea in court.
Vasiliev was arrested by Canadian Mounted Police, who were accompanied by investigators from the French Gendarmerie, the FBI and Europol’s European Cybercrime Center. Police seized two firearms, eight computers, 32 external hard drives and approximately $405,000 worth of cryptocurrencies. His arrest follows the arrest in September 2021 of two of his accomplices.
Authorities have been investigating LockBit since early 2020.
The “successful arrest demonstrates our ability to maintain and exert relentless pressure on our adversaries,” said FBI deputy director Paul Abbate. “The FBI’s ongoing investigative efforts, working closely with our federal and international partners, illustrate our commitment to use all of our resources to ensure we protect the American public from these global cyber threat actors.”