A 33-year old Russian national suspected of having deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups across the world was arrested in Canada and US authorities have filed criminal charges against him after an international investigation by European, American, and Canadian police.
U.S. Attorney Philip R. Sellinger, Deputy Attorney General Lisa O. Monaco, Assistant Attorney General Kenneth A. Polite, and FBI-Newark Special Agent in Charge James E. Dennehy announced today that a Russian and Canadian national has been charged with participating in the LockBit global ransomware campaign, allegedly responsible for ransom demands ranging between $7 million to $95 million.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, is charged by complaint unsealed today in Newark federal court with conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so.
He was arrested Nov. 9, 2022, is awaiting extradition proceedings to bring him to the District of New Jersey.
Europol has announced the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide.
The suspect was arrested in Ontario, Canada, last month following an investigation led by the French National Gendarmerie with the help of Europol’s European Cybercrime Centre (EC3), the FBI, and the Canadian Royal Canadian Mounted Police (RCMP).
“One of the world’s most prolific ransomware operators has been arrested on 26 October in Ontario, Canada,” said a release from Europol, the European Union Agency for Law Enforcement Cooperation.
Law enforcement agents also seized eight computers and 32 external hard drives, two firearms, and $400,000 worth of cryptocurrency from the suspect’s home.
According to the criminal complaint, in an August 2022 search of his home, Canadian law enforcement also found screenshots of Tox exchanges with ‘LockBitSupp,’ instructions on how to deploy the LockBit’s Linux/ESXi locker and the malware’s source code, as well as “photographs of a computer screen showing usernames and passwords for various platforms belonging to employees of a LockBit victim in Canada, which suffered a confirmed LockBit attack in or about January 2022.”
“International ransomware threats like LockBit are the most pressing cybercrime challenge facing law enforcement today,” said Sellinger. “These attacks cause disruption and damage to their victims that far exceed the dollar figures of ransom demands or payments, which are themselves significant. However, the United States is up for this challenge and will use all legal means to find the perpetrators of these attacks and bring them to justice.”
“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats. Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals.”
“Cyber criminals who damage protected systems, exploit privileged information, or hold for ransom important files and data are a threat to our way of life,” said FBI-Newark Special Agent in Charge James E. Dennehy. “The FBI will not stand idly by while companies and government entities are bled dry or while their systems are corrupted by these criminal opportunists. We will utilize every tool in our arsenal – including our global partnerships – to shut down these types of schemes.”
According to documents filed in this case and statements made in court, LockBit is a ransomware variant that first appeared as early as January 2020 and has been deployed against over 1,000 victims in the United States and around the world.
LockBit members have made at least $100 million in ransom demands to those victims and have extracted tens of millions of dollars in actual ransom payments from those victims.
The FBI has been investigating the LockBit conspiracy since in or around March 2020.
Vasiliev participated in the LockBit campaign by conspiring with others to intentionally damage protected computers and to transmit ransom demands.
The charge of conspiring to intentionally damage protected computers and to transmit ransom demands is punishable by a maximum of five years in prison and a maximum fine of $250,000, or twice the gross pecuniary gain or loss from the scheme, whichever is greatest.
U.S. Attorney Sellinger credited the Newark Cyber Crimes Task Force, under the direction of Special Agent in Charge Dennehy, with the investigation leading to the charges. U.S. Attorney Sellinger also thanked FBI Atlanta, FBI Pittsburgh, FBI Miami, the FBI’s Legal Attaché-Ottawa, the Jersey City Police Department, New Jersey State Police, New Jersey Office of Homeland Security and Preparedness, and members of the U.S. Attorney’s Office for the Northern District of Georgia and of the U.S. Attorney’s Office for the Western District of Pennsylvania for their assistance. The Justice Department’s Office of Affairs provided valuable assistance in securing Vasiliev’s arrest.
The government is represented by Assistant U.S. Attorneys Andrew M. Trombly and David E. Malagold of the Cybercrime Unit in Newark and by Trial Attorney Jessica C. Peck of the Computer Crime and Intellectual Property Section in Washington, D.C.
The charges and allegations contained in the complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.