Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Russian National Arrested in Canada Over LockBit Ransomware Attacks

A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.

A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.

The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million.

The US Justice Department announced charges against the alleged cybercriminal, saying that he is awaiting extradition.

Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces up to five years in prison.

Europol said two of the suspect’s accomplices were arrested in Ukraine in October 2021. The law enforcement agency said at the time that it could not name the ransomware group they were part of due to operational reasons.

While authorities describe the suspect as an “operator”, he may only be an affiliate — they conduct attacks using malware and infrastructure provided by operators — and his arrest might not impact the LockBit operation too much.

The LockBit ransomware group continues to target major companies and one of the latest victims announced on the cybercrime gang’s website is German car parts giant Continental.

Continental revealed in August that it had been targeted in a cyberattack, but did not share too much information. The LockBit group is now claiming to have stolen 40 Gb of data from the company and is offering to sell it for $50 million after negotiations with the company apparently failed.

The LockBit operation has been active since 2019 and the LockBit 2.0 ransomware-as-a-service operation emerged in June 2021. LockBit has been one of the most active ransomware enterprises, accounting for nearly half of all ransomware attacks in the first half of 2022. The DoJ said LockBit members have made at least $100 million in ransom demands and obtained tens of millions of dollars in actual ransom payments from victims. 

In the past couple of years, police arrested tens of ransomware suspects around the world, including in South Korea, Kuwait, Ukraine, Romania, Latvia, Canada, Poland, Russia and Switzerland.

However, in many cases the arrested individuals are ransomware affiliates and the impact on the overall ransomware enterprise may turn out to be limited.

Related: Russian Man Extradited to US for Laundering Ryuk Ransomware Money

Related: U.S. Charges Two Suspected Major Ransomware Operators

Related: Russian Authorities Arrest Head of International Cybercrime Group

Related: Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.