A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.
The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million.
The US Justice Department announced charges against the alleged cybercriminal, saying that he is awaiting extradition.
Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces up to five years in prison.
Europol said two of the suspect’s accomplices were arrested in Ukraine in October 2021. The law enforcement agency said at the time that it could not name the ransomware group they were part of due to operational reasons.
While authorities describe the suspect as an “operator”, he may only be an affiliate — they conduct attacks using malware and infrastructure provided by operators — and his arrest might not impact the LockBit operation too much.
The LockBit ransomware group continues to target major companies and one of the latest victims announced on the cybercrime gang’s website is German car parts giant Continental.
Continental revealed in August that it had been targeted in a cyberattack, but did not share too much information. The LockBit group is now claiming to have stolen 40 Gb of data from the company and is offering to sell it for $50 million after negotiations with the company apparently failed.
The LockBit operation has been active since 2019 and the LockBit 2.0 ransomware-as-a-service operation emerged in June 2021. LockBit has been one of the most active ransomware enterprises, accounting for nearly half of all ransomware attacks in the first half of 2022. The DoJ said LockBit members have made at least $100 million in ransom demands and obtained tens of millions of dollars in actual ransom payments from victims.
In the past couple of years, police arrested tens of ransomware suspects around the world, including in South Korea, Kuwait, Ukraine, Romania, Latvia, Canada, Poland, Russia and Switzerland.
However, in many cases the arrested individuals are ransomware affiliates and the impact on the overall ransomware enterprise may turn out to be limited.
Related: Russian Man Extradited to US for Laundering Ryuk Ransomware Money
Related: U.S. Charges Two Suspected Major Ransomware Operators
Related: Russian Authorities Arrest Head of International Cybercrime Group
Related: Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
