LockBit affiliate behind major attacks arrested in Canada


The LockBit gang member is suspected of having targeted critical infrastructure companies globally, demanding tens of millions of dollars from victims.

Authorities arrested Mikhail Vasiliev, a 33-year-old Russian national suspected of being a major player in the LockBit ransomware cartel, in Canada. They suspect the man in custody was involved in infecting critical infrastructure organizations and large industrial groups with LockBit ransomware.

“He is known for his extortionate ransom demands ranging between €5 to €70 million,” Europol said in a press release.

LockBit employs the ransomware-as-a-service (RaaS) model, taking a cut from the ransom its affiliates extort from victims. The gang leads the digital extortion underworld with the most extensive victim list by an overwhelming margin.

However, the walls might be closing in on the prominent cybercrime cartel. According to Europol, the recent arrest is a follow-up to last year’s bust in Ukraine, when local police arrested two accomplices of the Russian national.

The recent arrest took place in Ontario, Canada, where the 33-year-old suspect was seized in his home. Europol claims that authorities seized two firearms, eight computers, and 32 external drives together with €400k ($405k) in cryptocurrencies.

French, Canadian, and US authorities cooperated to get their hands on the suspect, who will face charges in the US.

Criminal leaders

A ransomware report by threat intelligence firm Digital Shadows shows that in the third quarter of 2022, LockBit and its affiliates accounted for over a third of all ransomware attacks involving organizations being posted to ransomware leak sites. Researchers attributed over 200 victims to LockBit.

Most recently, the gang claimed responsibility for hacking German automotive giant Continental. In late October, the gang breached Pendragon, the UK’s second-largest car dealer, and demanded a $60M ransom.

While LockBit is far from the only successful ransomware group, it has outlasted many competitors. Prominent groups like REvil, Darkside, and Cl0p came and went, either regrouping or disbanding.

More recently, the Conti ransomware gang, once at the top of the ransomware game, seems to have closed up shop. Meanwhile, LockBit has been active since 2019, releasing the second and third generations of its malware.

Pundits think the gang’s success stems from the group’s ability to combine a business-oriented approach with specialized tech. For example, LockBit offers customer support services and a bug bounty program, both features of legitimate tech companies.