Canadian Arrests Russian Man Involved in LockBit Ransomware Attacks

Law enforcement officials said that the last month, 33-year-old Russian Mikhail Vasiliev was arrested in Canada and the authorities believe he was involved in LockBit ransomware attacks that affected “critical infrastructure and large industrial enterprises around the world.”

Apparently, Vasiliev was one of the “partners” of the group behind the creation of LockBit.

The operation and investigation that resulted in the arrest of the suspect involved the French National Gendarmerie, Europol, the FBI, and the Royal Canadian Mounted Police.

During a search of the suspect’s home, law enforcement officials seized eight computers and 32 external hard drives, two firearms, and €400,000 worth of cryptocurrency.

Europol adds that this LockBit operator “was one of the high-priority targets, as it was involved in many high-profile ransomware attacks” and also “distinguished itself” by trying to extort ransoms from victims ranging from 5 to 70 million euros.

Although Europol describes Vasiliev as an “operator” of LockBit, he was most likely only a “partner” of the malware developers and not the head of operations. As security experts have already noted, a representative of the LockBit group, known under the nickname LockBitSupp, posted messages on hacker forums yesterday, as if any incident happened. And even the leak of the LockBit 3.0 builder has not yet stopped the activities of cybercriminals from this group.

The US Department of Justice also issued its own press release on the arrest. In the attached court documents, it is reported that Vasiliev has dual citizenship of Russia and Canada, and in August 2022, during a search of his house, Canadian law enforcement officers found screenshots from Tox, where the suspect communicated with LockBitSupp; instructions on how to deploy a Linux/ESXi ransomware; malware source code; as well as “computer screen photographs of usernames and passwords for various platforms owned by employees of a LockBit victim company in Canada that was subjected to a confirmed LockBit attack in January 2022.”