Jump to content
  • Russian LockBit ransomware operator arrested in Canada

    alf9872000

    • 309 views
    • 4 minutes
     Share


    • 309 views
    • 4 minutes

    Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide.

     

    The suspect was arrested in Ontario, Canada, last month following an investigation led by the French National Gendarmerie with the help of Europol's European Cybercrime Centre (EC3), the FBI, and the Canadian Royal Canadian Mounted Police (RCMP).

    "One of the world's most prolific ransomware operators has been arrested on 26 October in Ontario, Canada," Europol said today.

     

    "A 33-year old Russian national, the suspect is believed to have deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups across the world."

     

    Law enforcement agents also seized eight computers and 32 external hard drives, two firearms, and €400,000 worth of cryptocurrency from the suspect's home, 

     

    Europol added that this LockBit operator "was one of Europol's high-value targets due to his involvement in numerous high-profile ransomware cases," and he is known for trying to extort victims with ransom demands between €5 to €70 million.

     

    While Europol describes the suspect as an 'operator' of the LockBit ransomware, he is likely an affiliate rather than a manager of the cybercrime operation.

     

    Furthermore, the public-facing LockBit representative known as 'LockBitSupp' was posting in hacker forums as recently as yesterday.

    Charged for participation in LockBit ransomware attacks

    The U.S. Department of Justice (DOJ) said in a press release published today that the 33-year-old suspect's name is Mikhail Vasiliev, a dual Russian and Canadian national from Bradford, Ontario, Canada. 

     

    According to the criminal complaint, in an August 2022 search of his home, Canadian law enforcement also found screenshots of Tox exchanges with 'LockBitSupp,' instructions on how to deploy the LockBit's Linux/ESXi locker and the malware's source code, as well as "photographs of a computer screen showing usernames and passwords for various platforms belonging to employees of a LockBit victim in Canada, which suffered a confirmed LockBit attack in or about January 2022."

     

    He is now awaiting extradition to the United States for his alleged participation in the LockBit global ransomware campaign.

     

    Vasiliev was charged with conspiracy to transmit ransom demands and to intentionally damage protected computers. He faces a maximum of five years of incarceration if convicted.

     

    "This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," Deputy Attorney General Lisa O. Monaco said today.

     

    "It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats." 

    Stream of ransomware operator arrests

    This arrest follows a similar action in Ukraine in October 2021 when a joint international law enforcement operation involving the FBI, the French police, and the Ukrainian National Police led to the arrest of two of his accomplices.

     

    While announcements from Europol and the Ukrainian police described the suspects as members of a top-tier ransomware gang, Europol told BleepingComputer at the time that they could not name the group for operational reasons.

     

    "Both these individuals were part of the same group which focused not only on ransom attacks, but also laundered criminal funds," Europol said.

     

    Both suspects were arrested in Kyiv, Ukraine, with one of them described as a 25-year-old male "hacker."

     

    Last year, the Ukrainian police also arrested other suspects believed to be members of the Clop and Egregor ransomware operations.

     

    Europol also announced in October 2021 that law enforcement agencies apprehended 12 suspects in Ukraine and Switzerland believed to be linked to LockerGoga, MegaCortex, and Dharma ransomware attacks that affected more than 1,800 victims in 71 countries.

     

    Update November 10, 12:13 EST: Added more info from DOJ press release and criminal complaint.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...