US Department of Justice Charges LockBit Ransomware Suspect
US law enforcement has charged a dual Russian and Canadian national for allegedly participating in the LockBit ransomware attacks. LockBit has become a destructive ransomware family that has been used in attacks against at least 1,000 victims in the United States and around the world.
The 33-year-old Mikhail Vasiliev is being held in Canada pending extradition to the United States. The Department of Justice (DoJ), in a statement on Thursday, accused Vasiliev specifically of conspiracy to intentionally damage protected computers and transmit ransom demands. He faces a maximum of five years in prison if convicted.
Assistant Attorney General Lisa Monaco said in a statement that the arrest was the result of more than two and a half years of investigation into the LockBit ransomware group.
“It is also the result of more than a decade of experience that FBI agents, Justice Department prosecutors and our international partners have built to dismantle cyber threats,” Monaco said. “Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. Together with our partners, we will use all available tools to disrupt, deter and punish cybercriminals. »
LockBit first appeared in January 2020 and has since become one of the most active ransomware groups, especially after the Conti Group shut down its operations and shut down all of its servers in 2022. Ransomware operators reported tens of millions of dollars in ransom payments to victims. Over the past year, LockBit has targeted various organizations around the world, including Chile, Italy, and the UK, with researchers tracking a variant of LockBit targeting VMware’s ESXi virtual machine platform. , as well as several LockBit intrusions attributed to a threat. cluster sharing many overlaps with well-known cybercriminal group Evil Corp.
Brett Callow, threat analyst at Emsisoft, said the arrest could give law enforcement additional information about how Operation LockBit works and who was involved. Knowing this, “I will be very surprised if LockBit continues to operate under this brand name for much longer,” Callow said.
Over the past year, the United States has made several concerted efforts to root out key executives, operators, or affiliates associated with ransomware attacks. The State Department, for example, has offered a slew of rewards for information about members of various ransomware groups, including previous rewards totaling $15 million for the Conti group, $15 million for the DarkSide ransomware and $15 million for the Sodinokibi (REvil) group.
However, the actual arrest of these people often justifies international cooperation between various law enforcement agencies – which is sometimes difficult when dealing with cybercriminals protected by safe haven countries, allowing them to operate freely within their borders without consequence. In the case of Vasiliev, who was arrested in Canada, the United States had the assistance of the French National Gendarmerie, the European Union Law Enforcement Cooperation Agency (Europol) and of the Royal Canadian Mounted Police.
Overall, “the more people are arrested, the more information law enforcement will have at their disposal,” Callow said. “In some cases, this will help point to other ransomware operators and allow them to be arrested or disrupt their operations.”