Canadian police have arrested a Russian national behind the LockBit ransomware gang, one of the world’s most prolific ransomware operators. If confirmed, the arrest could be a major blow to the organization.
The European Multidisciplinary Platform Against Criminal Threats (EMPACT) said in a news release today that the man was arrested on October 26 in an unnamed Ontario city, following an investigation, in an operation led by the French National Gendarmerie (Gendarmerie Nationale) with the support of Europol, the RCMP, and the FBI.
The 33-year-old Russian national is believed to have deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups around the world. He is known for making extortionate ransom demands of between €5 and €70 million.
Update: The person was not named in the EMPACT release. However, the US Justice Department issued a release saying that Mikhail Vasiliev, 33, of Bradford, Ont., is in custody in Canada awaiting extradition to the United States. Bradford is a city of 24,000 less than an hour’s drive north of Toronto.
He has been charged by the US with conspiracy to intentionally damage protected computers and conspiracy to broadcast a ransom demand. If convicted, he faces a maximum of five years in prison.
“This arrest is the result of a more than two-and-a-half-year investigation into the LockBit ransomware group, which has plagued victims in the United States and around the world,” said US Deputy Attorney General Lisa Monaco. “It’s also the result of more than a decade of experience that FBI agents, Department of Justice prosecutors and our international partners have built up eliminating cyber threats. Let this be another warning to ransomware actors: partners around the world. Working with the U.S., the Department of Justice will continue to disrupt cyber threats and hold criminals accountable. Together with our partners, we will use every tool available to disrupt, deter, and punish cybercriminals.”
The arrest follows an operation in Ukraine in October, in which two of his accomplices were arrested, the release said.
Canadian police seized eight computers, 32 external hard drives and €400,000 in cryptocurrency during the arrests, police said.
Brett Callow, a British Columbia-based threat researcher at Emsisoft, said the arrest is significant. “Ransomware groups do not exist in a vacuum – they work with access brokers, money launderers, etc. – and this person could be a valuable source of information that would result in the arrest of others. At the same time, it could be the end of LockBit. The operation is effectively compromised and other cyber criminals will no longer trust it.”
According to researchers at Blackberry, LockBit ransomware has been implicated in more cyberattacks this year than any other ransomware, making it the most active ransomware in the world.
Blackberry said LockBit victims pay an average ransom of around $85,000, indicating that LockBit targets small to medium-sized organizations.
LockBit was first spotted in September 2019. Since then, it has evolved: LockBit 2.0 appeared in 2021, and LockBit 3.0, the current version, was discovered in June 2022.