Federal prosecutors on Thursday charged a dual Russian and Canadian national for his alleged participation in a global campaign to spread ransomware known as LockBit.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, was taken into custody in late October by authorities in Ontario, officials at Interpol said. He is now in custody in Canada awaiting extradition to the US.
Federal prosecutors alleged Vasiliev helped infect networks around the world with LockBit. Officials with Europol said he is among the law enforcement group’s highest-value targets because of the large number of high-profile ransomware attacks he was involved in.
LockBit was first seen in September 2019 and very quickly stood out among competing ransomware families. Whereas most are manually operated, LockBit largely automated its tasks, a trait that allowed it to propagate with minimal human oversight following the initial point of compromise. To date, it has been used against more than 1,000 organizations in the US and around the world.
LockBit is sold in underground broker forums that often require sellers to put up a deposit that customers can recover in the event that the wares don’t perform as advertised. In a testament to their confidence and determination, the LockBit sellers had paid out almost $75,000 as of May 2020.
Like most other modern ransomware, LockBit operates under a RaaS—short for ransomware-as-a-service—model, in which ransomware developers lease their ransomware to affiliates who receive a share of ransom payments from successful attacks. As is the case with most ransomware today, LockBit operates under a dual extortion scheme. Victims who don’t pay lose access to gigabytes or terabytes of files and see their private data circulated on a site on the dark web, where anyone can find it.
Vasiliev is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum of five years in prison. It’s not known if or when the defendant will offer a plea in court.
Vasiliev was arrested by the Canadian Mounted Police, who were accompanied by investigators from the French Gendarmerie, the FBI, and Europol’s European Cybercrime Center. Police seized two firearms, eight computers, 32 external hard drives, and about $405,000 in cryptocurrencies. His arrest follows the September 2021 arrest of two of his accomplices.
Authorities have been investigating LockBit since early 2020.
The “successful arrest demonstrates our ability to maintain and apply relentless pressure against our adversaries,” said FBI Deputy Director Paul Abbate. “The FBI’s persistent investigative efforts, in close collaboration with our federal and international partners, illustrates our commitment to using all of our resources to ensure we protect the American public from these global cyber threat actors.”
https://arstechnica.com/?p=1897321