Alleged LockBit operator to be extradited from Canada to U.S.

An alleged member of the notorious LockBit ransomware group is being extradited to the United States, according to a statement from the Justice Department.

Mikhail Vasiliev – a 33-year-old Russian and Canadian national living in Bradford, Ontario – is currently in custody in Canada and is facing charges related to his involvement with LockBit. The Justice Department unsealed a criminal complaint filed in the District of New Jersey charging Vasiliev with participating in LockBit’s attacks. 

FBI Deputy Director Paul Abbate noted that Vasiliev was arrested on Wednesday. U.S. Deputy Attorney General Lisa O. Monaco said Vasiliev’s arrest was the result of a nearly three-year investigation into the ransomware gang, which has quickly taken over as one of the most lucrative ransomware operations in the world. 

LockBit has operated since at least January 2020 and the Justice Department called it “one of the most active and destructive ransomware variants in the world.”

According to the DOJ, its ransomware has been deployed against at least 1,000 victims in the United States and other countries – with members of the group bringing in millions from ransoms.

Vasiliev is facing several charges, including conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces a maximum sentence of five years in prison if convicted. 

“Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals,” Monaco said.

LockBit was linked to 82 attacks in August, bringing its total number of victims to 1,111, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources.

French police said the group was behind a crippling attack on a hospital about an hour south-east of Paris last month, which disrupted its medical imaging, patient admissions, and other services. About one-third of ransomware attacks targeting industrial systems in the second quarter were attributed to LockBit, according to cybersecurity firm Dragos.

The group has seen a spike in activity since June, when it launched a new version — what it calls “LockBit 3.0” — that allegedly included technical improvements and a bug bounty program that offered rewards for ways to improve the ransomware operation.