Connect with us

Hi, what are you looking for?



Russian National Arrested in Canada Over LockBit Ransomware Attacks

A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.

A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.

The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million.

The US Justice Department announced charges against the alleged cybercriminal, saying that he is awaiting extradition.

Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces up to five years in prison.

Europol said two of the suspect’s accomplices were arrested in Ukraine in October 2021. The law enforcement agency said at the time that it could not name the ransomware group they were part of due to operational reasons.

While authorities describe the suspect as an “operator”, he may only be an affiliate — they conduct attacks using malware and infrastructure provided by operators — and his arrest might not impact the LockBit operation too much.

The LockBit ransomware group continues to target major companies and one of the latest victims announced on the cybercrime gang’s website is German car parts giant Continental.

Advertisement. Scroll to continue reading.

Continental revealed in August that it had been targeted in a cyberattack, but did not share too much information. The LockBit group is now claiming to have stolen 40 Gb of data from the company and is offering to sell it for $50 million after negotiations with the company apparently failed.

The LockBit operation has been active since 2019 and the LockBit 2.0 ransomware-as-a-service operation emerged in June 2021. LockBit has been one of the most active ransomware enterprises, accounting for nearly half of all ransomware attacks in the first half of 2022. The DoJ said LockBit members have made at least $100 million in ransom demands and obtained tens of millions of dollars in actual ransom payments from victims. 

In the past couple of years, police arrested tens of ransomware suspects around the world, including in South Korea, Kuwait, Ukraine, Romania, Latvia, Canada, Poland, Russia and Switzerland.

However, in many cases the arrested individuals are ransomware affiliates and the impact on the overall ransomware enterprise may turn out to be limited.

Related: Russian Man Extradited to US for Laundering Ryuk Ransomware Money

Related: U.S. Charges Two Suspected Major Ransomware Operators

Related: Russian Authorities Arrest Head of International Cybercrime Group

Related: Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...