Alleged LockBit ransomware operator arrested in Canada
A man with dual Russian and Canadian nationality has been arrested in connection with his alleged part in the LockBit ransomware conspiracy that has demanded more than $100 million from its victims.
LockBit has become one of the world's most active ransomware-as-a-service operations, working with affiliates to exfiltrate data from victims before encrypting files on compromised networks. If LockBit's victims refuse to pay their extortionists, their data is invariably published on the criminal group's leak website.
33-year-old Mikhail Vasiliev, is now in custody in Canada, awaiting extradition to the United States. His arrest comes following an investigation by the FBI and its international law enforcement parters that started in March 2020.
When Vasiliev's home in Bradford, Ontario, was searched by Canadian law enforcement in August 2022 they discovered a computer file called TARGETLIST that appeared to contain a list of past and prospective victims, including a business in New Jersey that was hit by LockBit in or around November 2021.
In addition, the criminal complaint against Vasiliev says that screenshots of end-to-end encrypted conversations with the Tux username "LockBitSupp" (assumed to be shorthand for "LockBitSupport") were uncovered, which contained multiple discussions related to the ransomware operation and communication with victims. Furthermore, source code for a program that would encrypt data, and photographs of a compuetr screen showing usernames and passwords for employees at an organisation hit by LockBit in January 2022.
During a further search on October 26, 2022, officers say they discovered Vasiliev in his garage, sat at a laptop computer. Tehy were able to restrain Vasiliev before he could lock the computer, and noted that it appeared to be logged in to a LockBit control panel.
Vasiliev is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he could face up to five years in prison.
One of the LockBit group's most high profile victims was IT and consulting giant Accenture, which was struck in August 2021. The gang claimed to have stolen six terabytes of data from the company's network, and demanded a $50 million ransom.
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
Cyber Tips for a Spook-Free Halloween
October 26, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022