A 33-year-old Russian and Canadian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.
The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million.
The US Justice Department announced charges against the alleged cybercriminal, saying that he is awaiting extradition.
Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces up to five years in prison.
Europol said two of the suspect’s accomplices were arrested in Ukraine in October 2021. The law enforcement agency said at the time that it could not name the ransomware group they were part of due to operational reasons.
While authorities describe the suspect as an “operator”, he may only be an affiliate — they conduct attacks using malware and infrastructure provided by operators — and his arrest might not impact the LockBit operation too much.
The LockBit ransomware group continues to target major companies and one of the latest victims announced on the cybercrime gang’s website is German car parts giant Continental.
Continental revealed in August that it had been targeted in a cyberattack, but did not share too much information. The LockBit group is now claiming to have stolen 40 Gb of data from the company and is offering to sell it for $50 million after negotiations with the company apparently failed.
The LockBit operation has been active since 2019 and the LockBit 2.0 ransomware-as-a-service operation emerged in June 2021. LockBit has been one of the most active ransomware enterprises, accounting for nearly half of all ransomware attacks in the first half of 2022. The DoJ said LockBit members have made at least $100 million in ransom demands and obtained tens of millions of dollars in actual ransom payments from victims.
In the past couple of years, police arrested tens of ransomware suspects around the world, including in South Korea, Kuwait, Ukraine, Romania, Latvia, Canada, Poland, Russia and Switzerland.
However, in many cases the arrested individuals are ransomware affiliates and the impact on the overall ransomware enterprise may turn out to be limited.
Related: Russian Man Extradited to US for Laundering Ryuk Ransomware Money
Related: U.S. Charges Two Suspected Major Ransomware Operators
Related: Russian Authorities Arrest Head of International Cybercrime Group
Related: Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
