
Alleged LockBit ransomware operator arrested in Canada

Graham CLULEY

November 11, 2022


A man with dual Russian and Canadian nationality has been arrested in connection with his alleged part in the LockBit ransomware conspiracy that has demanded more than $100 million from its victims.

LockBit has become one of the world's most active ransomware-as-a-service operations, working with affiliates to exfiltrate data from victims before encrypting files on compromised networks.  If LockBit's victims refuse to pay their extortionists, their data is invariably published on the criminal group's leak website.

33-year-old Mikhail Vasiliev is now in custody in Canada, awaiting extradition to the United States. His arrest follows an investigation by the FBI and its international law enforcement partners that started in March 2020.

When Vasiliev's home in Bradford, Ontario, was searched by Canadian law enforcement in August 2022, they discovered a computer file called TARGETLIST that appeared to contain a list of past and prospective victims, including a business in New Jersey that was hit by LockBit in or around November 2021.

In addition, the criminal complaint against Vasiliev says that screenshots of end-to-end encrypted conversations with the Tox username "LockBitSupp" (assumed to be shorthand for "LockBitSupport") were uncovered, which contained multiple discussions related to the ransomware operation and communication with victims. Investigators also found source code for a program that would encrypt data, and photographs of a computer screen showing usernames and passwords for employees at an organisation hit by LockBit in January 2022.

During a further search on October 26, 2022, officers say they discovered Vasiliev in his garage, sat at a laptop computer. They were able to restrain Vasiliev before he could lock the computer, and noted that it appeared to be logged in to a LockBit control panel.

Vasiliev is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he could face up to five years in prison.

One of the LockBit group's most high profile victims was IT and consulting giant Accenture, which was struck in August 2021.  The gang claimed to have stolen six terabytes of data from the company's network, and demanded a $50 million ransom.

Other LockBit victims have included Merseyrail, the railway network serving Liverpool and its surroundings in the UK, and most recently German autoparts manufacturer Continental.
