Russian National Arrested in Canada Over LockBit Ransomware Attacks

A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.

The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million.

The US Justice Department announced charges against the alleged cybercriminal, saying that he is awaiting extradition.

Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces up to five years in prison.

Europol said two of the suspect’s accomplices were arrested in Ukraine in October 2021. The law enforcement agency said at the time that it could not name the ransomware group they were part of due to operational reasons.

While authorities describe the suspect as an “operator”, he may only be an affiliate — they conduct attacks using malware and infrastructure provided by operators — and his arrest might not impact the LockBit operation too much.

The LockBit ransomware group continues to target major companies and one of the latest victims announced on the cybercrime gang’s website is German car parts giant Continental.

Continental revealed in August that it had been targeted in a cyberattack, but did not share too much information. The LockBit group is now claiming to have stolen 40 Gb of data from the company and is offering to sell it for $50 million after negotiations with the company apparently failed.

The LockBit operation has been active since 2019 and the LockBit 2.0 ransomware-as-a-service operation emerged in June 2021. LockBit has been one of the most active ransomware enterprises, accounting for nearly half of all ransomware attacks in the first half of 2022. The DoJ said LockBit members have made at least $100 million in ransom demands and obtained tens of millions of dollars in actual ransom payments from victims. 

In the past couple of years, police arrested tens of ransomware suspects around the world, including in South Korea, Kuwait, Ukraine, Romania, Latvia, Canada, Poland, Russia and Switzerland.

However, in many cases the arrested individuals are ransomware affiliates and the impact on the overall ransomware enterprise may turn out to be limited.

Related: Russian Man Extradited to US for Laundering Ryuk Ransomware Money

Related: U.S. Charges Two Suspected Major Ransomware Operators

Related: Russian Authorities Arrest Head of International Cybercrime Group

Related: Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine