January 30, 2023

On November 10th, Europol announced the arrest of Mikhail Vasiliev, a 33-year-old Russian-Canadian national, for his alleged participation in the LockBit global ransomware campaign. The ransomware has attacked the critical infrastructure of organizations and high-profile companies worldwide.

Vasiliev is in custody in Canada and is awaiting extradition to the United States. The United States Department of Justice has charged Vasiliev with “conspiracy to damage protected computers and to transmit ransom demands”; if convicted, he faces a maximum of 5 years in prison.

The French National Gendarmerie led the investigation with the help of Europol’s European Cybercrime Centre, the Royal Canadian Mounted Police (RCMP) and the FBI.

According to Europol, the LockBit operator was one of Europol’s high-value targets because of his involvement in many high-profile ransomware cases.

Charged for his alleged participation in ransomware attacks

According to the criminal complaint, there were 2 raids at Vasiliev’s Ontario home, the first in August 2022 and the other in October. During the first raid, the police found screenshots of encrypted messages with a user named ‘LockBitSupp,’ instructions on how to deploy LockBit’s Linux/ESXi locker, and the malware’s source code, as well as sensitive information belonging to employees of a confirmed LockBit victim from January 2022.

In the second raid, the police caught Vasiliev before he could lock his laptop, which allowed for a more thorough search of the device. The investigators found a file named “TARGETLIST”, which is believed to be a list of prospective victims, and an open browser tab named “LockBit LOGIN” hosted on the dark web.

Vasiliev’s bitcoin holdings helped authorities connect him to the criminal scheme. Blockchain analysis of a Bitcoin wallet found in his home revealed that the wallet received a payment of 0.80574055 BTC on February 5th, 2022. The investigators traced the funds for this transaction back to a ransom payment of 2.8759 BTC made by a LockBit victim.

This arrest follows a similar action in Ukraine in October 2021, when a joint operation involving the FBI, the French police, and the Ukrainian National Police led to the arrest of two of his accomplices.

What are LockBit Ransomware Attacks?

LockBit ransomware is malicious self-spreading software designed to block users’ access to their computer systems until a ransom is paid. Hackers use this ransomware for targeted attacks against enterprises and other organizations. First discovered in 2020, LockBit has become one of the most active ransomware variants, accounting for about 44% of all ransomware campaigns so far this year.