Alleged LockBit operator to face new cybercrime charges in Canada

A man facing extradition to the United States for his alleged role as a LockBit ransomware administrator is up against new cybercrime charges in Ontario.

Mikhail Vasiliev, a 33-year-old Canadian-Russian dual national, was first arrested in October 2022 at his home in Bradford, Ontario as part of an international operation involving European, American and Canadian authorities. He was subsequently charged by the U.S. Department of Justice with conspiracy to intentionally damage protected computers and to transmit ransom demands.

At the time, Canadian authorities also charged Vasiliev in relation to weapons found at his home. According to Canadian broadcaster CTV News, he was arrested again while out on bail on December 14 by Ontario Provincial Police and charged with three counts of extortion, three counts of unauthorized use of a computer and failure to comply with a release order.

He is scheduled to hear the charges on Tuesday in a court in Orillia, Canada. An extradition hearing is also reportedly scheduled for late February.

Vasiliev’s arrest last year was presented as a breakthrough in a years-long investigation into the prolific LockBit ransomware group dating back to early 2020. When police arrived at his home, they found Vasiliev in his garage on his laptop, which they were able to seize before he locked it.

One open tab was for a LockBit login page, the DOJ said. Police confiscated several firearms, eight computers and 32 external hard drives, along with about $405,000 in cryptocurrency. They were able to analyze Vasiliev’s bitcoin wallet, finding payments to an account within his wallet allegedly connected to a ransom payment.

Vasiliev’s home was also searched months before his arrest, the DOJ said, when investigators found an alleged “target list” on one of his devices with “a list of what appears to be either prospective or historical cybercrime victims,” including a New Jersey business hit with LockBit ransomware in 2021.

They also allegedly found screenshots of conversations on a messaging platform with “LockBitSupport,” instructions for deploying LockBit ransomware, source code for a data encryption program, usernames and a photograph of passwords belonging to employees of a known LockBit victim.

Vasiliev’s arrest was one in a string of law enforcement operations against the group. In June, U.S. law enforcement arrested another Russian national accused of having LockBit ties — Ruslan Astamirov, from Chechnya, who allegedly carried out at least five attacks using LockBit ransomware.

Since the outfit emerged in early 2020, LockBit operators have executed thousands attacks against victims around the world.

In June, cybersecurity agencies around the world issued a statement warning that LockBit is one of the biggest cybersecurity threats that governments and other organizations face. In the U.S., it was responsible for one out every six cyberattacks on a government agency last year, the Cybersecurity and Infrastructure Security Agency (CISA) said.

The group has also targeted public higher education and K-12 schools, as well as emergency services.