Ransomware

Authorities nab alleged member of LockBit ransomware-as-a-service group

LockBit’s prolific ransomware-as-a-service has made it one of the leading cybercrime gangs.
Peerapong Boriboon/Getty Images

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Police recently took a swing at LockBit, one of the most prominent ransomware gangs on the planet, with the high-profile arrest of a member in Ontario, Canada.

In October, Canadian authorities working with their French, US, and Europol counterparts captured Mikhail Vasiliev, a national of both Canada and Russia, and charged him with conspiracy to “intentionally damage protected computers and to transmit ransom demands.” They intend to extradite him to the US to face charges.

LockBit—the name of both the gang and its signature malware—was first spotted in the wild in 2019. The malware is distributed under the ransomware-as-a-service model, where its developers lease it out to other organizations for a slice of the profits, and LockBit has appeared particularly focused on assuring potential partners of its trustworthiness and excellent customer service. The Department of Justice (DOJ) alleges the group made tens of millions from attacks involving at least $100 million in demands.

According to a criminal complaint posted by the DOJ, investigators recovered computers across two raids containing extensive evidence such as alleged target lists. During the latter raid, police say they interrupted Vasiliev before he could lock a laptop containing a Bitcoin wallet and running a browser navigated to the LockBit login page.

Security firm Malwarebytes’s Threat Intelligence team recently released a report naming LockBit by far the most active among the ransomware strains it tracked in August 2022, with 62 identified attacks. The Record’s ransomware tracker, updated on the tenth of each month, lists well over 1,000 LockBit attacks since 2019.

Malwarebytes’s analysis also suggested that gangs like LockBit might be moving away from encrypting systems—due to an alleged drop in the number of victims willing to pay up—towards simply extorting them with threats to release stolen data.

While ransomware operators have historically been hard for authorities to track down due to jurisdictional issues, BleepingComputer noted Vasiliev’s arrest is the latest in a string of busts over the last year. The DOJ didn’t specify what attacks he is alleged to have been involved in, but Europol told CyberScoop Vasiliev is one of its most “high-value targets due to his involvement in numerous high-profile ransomware cases.”—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.
