A Russian-Canadian dual citizen has been arrested on suspicion of being involved in a LockBit ransomware conspiracy that demanded over $100 million from victims.
LockBit has become one of the most active ransomware-as-a-service operations in the world, working with affiliates to exfiltrate data from victims before encrypting files on compromised networks. Whenever a LockBit victim refuses to pay the extortionist, their data is exposed on the criminal group’s leak website.
Mikhail Vasiliev, 33, is currently in custody in Canada awaiting extradition to the United States. His arrest follows an investigation by the FBI and international law enforcement agencies that began in March 2020.
When Canadian law enforcement searched Vasiliev’s home in Bradford, Ontario in August 2022, they found a computer file called TARGETLIST. The file appears to contain a list of past and future victims, including a New Jersey company affected by LockBit in November 2021.
Additionally, the criminal complaint against Vasiliev states that investigators found screenshots of end-to-end encrypted Tox conversations with the username “LockBitSupp” (assumed to be a short form of “LockBitSupport”), which allegedly contained multiple discussions related to the ransomware operation and communications with victims. Also found were the source code of a program that encrypts data and a picture of a computer screen showing the usernames and passwords of employees of an organization that was attacked by LockBit in January 2022.
During a further search on October 26, 2022, officers say they found Vasiliev sitting at a laptop computer in the garage. They said they were able to restrain Vasiliev before he could lock the computer, which appeared to be logged into the LockBit control panel.
Vasiliev is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he could face up to five years in prison.
One of the LockBit group’s most high-profile victims was IT and consulting giant Accenture. In August 2021, the gang claimed to have stolen 6 terabytes of data from the company’s network and demanded a ransom of $50 million.
Other LockBit victims include Merseyrail, the rail network serving Liverpool and its environs in England, and more recently the German auto parts maker Continental.