A Canadian-Russian hacker who was leading large-scale ransomware attacks has been arrested in Ontario.
Updated yesterday at 5:25 p.m.
The Ontario Provincial Police (OPP) arrested Mikhail Vasiliev, 33, on October 26 at his home in Bradford. He allegedly attacked critical infrastructures and large industrial groups around the world using ransomware LockBit, one of the “most active and destructive”, according to a statement from the US Department of Justice. The United States has requested his extradition.
US prosecutors on Thursday released the complaint the FBI filed against him in New Jersey. The document explains how a “Canadian police force” searched Vasiliev’s house as early as August, before returning in October.
Mastered in time
“After entering the house, the Canadian police force discovered Vasiliev sitting in his garage at a table with a laptop, summarizes the complaint. The police then managed to subdue him before he could lock his computer. »
Ontario officers found LockBit system access screens on his device. After analysis, they also recovered a sentence serving as a password to access a bitcoin wallet. According to the FBI, it was used to receive payments from a ransomware victim.
In August, authorities had already found a file named “TARGETLIST” in Vasiliev’s house containing past or potential LockBit targets, including a New Jersey business attacked in November 2021. Police also found screenshots and words of password linked to employees of a “victim in Canada”, hacked in January 2022.
If extradited, Vasiliev faces up to five years in prison for “conspiracy to intentionally damage protected computers and transmit ransom demands,” the US Department of Justice said.
The OPP had already issued a statement in October to report its intervention at Vasiliev, as part of an “international operation against ransomware”. The only charges she brought against him, however, were for illegal possession of firearms and ammunition. He had been released on bail pending trial in December.
Joint survey with France
The European police collaboration agency, Europol, also issued a statement on Thursday before the Justice Department released the US complaint, but later withdrew it.
The agency mentioned a 33-year-old Russian, without naming him. According to Europol, Canadian police seized “two firearms, eight computers and 32 external hard drives”, as well as the equivalent of nearly $550,000 in cryptocurrencies from the defendant, “one of the most popular ransomware hackers prolific in the world.
“He is known for his ransom demands of 5 to 70 million euros” (7 to 95 million CAN), mentioned the text.
According to Europol, Vasiliev’s arrest came “following a complex investigation by the National Gendarmerie [de la France], with the support of Europol, the FBI and the Royal Canadian Mounted Police”. A first operation against two of his accomplices had already taken place in Ukraine, in September 2021.
At least 1000 victims
Appeared around January 2020, LockBit was used “against at least 1,000 victims in the United States and around the world,” the FBI reports. Gang members reportedly made ransom demands totaling more than US$100 million and obtained tens of millions in payouts.
US police had been investigating LockBit since March 2020.
As with most other ransomware, the gang exploiting it penetrates the targeted computer system, steals sensitive information from it, then encrypts it to lock access to its owner. LockBit then demands a ransom from the victim to regain access to the data, otherwise he threatens to publish it online.
The operation is another blow for ransomware operators operating from Canada. In October, a Florida judge sentenced Quebec drug trafficker and cyberhacker Sébastien Vachon-Desjardins to 20 years in prison. This former federal official from Gatineau received 21.5 million by exploiting the ransomware netwalkerone of the worst in the world, now dismantled.