Canadian police arrest suspected LockBit ransomware operator (updated)
Is the end of LockBit near? First an irate developer leaked the builder code for LockBit 3.0 code on GitHub in September. And now one of their big operators has been arrested in Canada.
Howard Solomon reports:
Canadian police have arrested a Russian citizen who they say is one of the world’s most prolific ransomware operators behind the LockBit ransomware gang. If true the arrest could be a big blow to the organization.
In a news release today, the European Multidisciplinary Platform Against Criminal Threats (EMPACT) said the man was arrested October 26th in an unnamed Ontario city, following an investigation led by the French National Gendarmerie (Gendarmerie Nationale), with the support of Europol, the RCMP, and the FBI.
Read more at ITWorld.
The arrest is reportedly a follow-up to an action carried out in Ukraine which led to the arrests of two of his accomplices.
DataBreaches reached out to LockBitSupp on via Tox, but no reply was immediately available.
Update: Here is the press release from the DOJ:
Man Charged for Participation in LockBit Global Ransomware Campaign
A criminal complaint filed in the District of New Jersey was unsealed today charging a dual Russian and Canadian national for his alleged participation in the LockBit global ransomware campaign.
Mikhail Vasiliev, 33, of Bradford, Ontario, Canada, is in custody in Canada and is awaiting extradition to the United States.
“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats. Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals.”
“Yesterday’s successful arrest demonstrates our ability to maintain and apply relentless pressure against our adversaries,” said FBI Deputy Director Paul Abbate. “The FBI’s persistent investigative efforts, in close collaboration with our federal and international partners, illustrates our commitment to using all of our resources to ensure we protect the American public from these global cyber threat actors.”
According to court documents, LockBit is a ransomware variant that first appeared in or around January 2020. It has become one of the most active and destructive ransomware variants in the world. Since first appearing, LockBit has been deployed against at least as many as 1,000 victims in the United States and around the world. LockBit members have made at least $100 million in ransom demands and have extracted tens of millions of dollars in actual ransom payments from their victims. The FBI has been investigating the LockBit conspiracy since in or around March 2020.
According to court documents, Vasiliev allegedly participated in the LockBit campaign. He is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum of five years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division, U.S. Attorney Philip R. Sellinger for the District of New Jersey, Assistant Director Bryan Vorndran of the FBI’s Cyber Division, and Special Agent in Charge James Dennehy of the FBI Newark Field Office made the announcement.
Trial Attorneys Jessica C. Peck and Jorge Gonzalez of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Andrew M. Trombly and David E. Malagold of the Cybercrime Unit for the District of New Jersey are prosecuting the case, with assistance from the U.S. Attorney’s Office for the Northern District of Georgia and the U.S. Attorney’s Office for the Western District of Pennsylvania.
The case is being investigated by the FBI Newark Field Office, Newark Cyber Crimes Task Force, with assistance from the FBI Atlanta Field Office, the FBI Pittsburgh Field Office, the FBI Miami Field Office, the FBI’s Legal Attaché-Ottawa, the Jersey City Police Department, the New Jersey State Police, and the New Jersey Office of Homeland Security and Preparedness. The Justice Department’s Office of International Affairs has also provided valuable assistance.
A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Source: Department of Justice
The press release from the U.S. Attorney’s Office for the District of New Jersey can be found here. The case may have been unsealed but it is not showing up in PACER as of the time of this update.