Man charged for role in LockBit ransomware operation

The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide.

The U.S. Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged participation in the LockBit ransomware operation.

According to the press release published by DoJ, the man is currently in custody in Canada and is awaiting extradition to the United States.

“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats. Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals.”

The Lockbit ransomware gang has been active since at least 2019 and today it is one of the most active ransomware gangs. In June 2022, its operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments.

LockBit targeted at least 1,000 victims worldwide and the gang earned tens of millions of dollars in actual ransom payments from their victims.

Vasiliev is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands.

The man could face a maximum of five years in prison in case it will be convicted.

“Vasiliev allegedly participated in the LockBit campaign. He is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum of five years in prison.” reads the press release published by DoJ.

During the October 2022 search of Vasiliev’s home, Canadian law enforcement discovered a seed phrase for a Bitcoin wallet address. The analysis of the wallet revealed that, on or about February 5, 2022, it received a payment of approximately 0.80574055 BTC originating from a ransom payment of 2.8759 BTC made around six hours earlier by a confirmed LockBit victim to a wallet address provided by the ransomware conspirators.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Lockbit ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]