BREAKING: Canadian Police Arrest Suspected LockBit Ransomware Gang Operator

Canadian police have arrested a Russian citizen they say is one of the world’s most prolific ransomware operators behind the LockBit ransomware gang. The arrest, if true, could be a major blow to the organization.

In a news release today, the European Interdisciplinary Platform Against Criminal Threats (EMPACT) said the man was named after an investigation led by the Gendarmerie Nationale, with support from Europol. No said he was arrested on Oct. 26 in a city in Ontario. RCMP, and he FBI.

A 33-year-old Russian citizen is believed to have deployed LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups around the world, the release states. He is known to have demanded a ransom of €70 million from his 5 million.

update: The person’s name was not revealed in the EMPACT release. However, the U.S. Department of Justice has issued a release to him named Mikhail Vasiliev, 33, of Bradford, Ontario. He has been detained in Canada and awaits extradition to the United States. Bradford is a town of about 24,000 that is less than an hour’s drive north of Toronto.

He was indicted by the United States for conspiracy to intentionally damage protected computers and send ransom demands. If convicted, he faces up to his five years in prison.

“This arrest is the result of a more than two-and-a-half-year investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said U.S. Deputy Attorney General Lisa Monaco. “This is also the result of more than a decade of experience built by FBI agents, Department of Justice prosecutors, and our international partners in dismantling cyber threats. One caveat: the Department of Justice continues to work with partners around the world to thwart cyberthreats and hold perpetrators to account. It confuses, deters, and punishes.”

The arrest is a follow-up to actions carried out in Ukraine in October that led to the arrest of two of his accomplices.

During the arrest, Canadian police seized eight computers, 32 external hard drives and €400,000 of cryptocurrency, police said.

Brett Callow, a British Columbia-based threat researcher at Emsisoft, said the arrest was significant. “Ransomware groups do not exist in isolation. They work with access brokers, money launderers, etc., and this person can be a valuable source of information that can result in other people being arrested. It is also possible that this will terminate LockBit, the operation is effectively compromised and other cybercriminals will no longer trust it.”

According to BlackBerry researchers, LockBit ransomware has been involved in more cyberattacks than any other ransomware this year, making it the most active ransomware in the world.

According to BlackBerry, LockBit victims pay ransoms of around $85,000 on average, indicating that LockBit targets small and medium-sized organizations.

LockBit was first seen in September 2019. The current version, LockBit 3.0, was discovered in June 2022.

More coming.