A dual citizen of Canada and Russia accused of being part of the “world’s most prolific ransomware operators” has been arrested north of Toronto.
Mikhail Vasiliev, a 33-year-old living in Bradford, Ont., was taken into custody two weeks ago at a residence where authorities also say they seized handguns and cryptocurrency. On Thursday, authorities in Canada, the United States and Europe unveiled charges against him, alleging he is a key player in LockBit – a criminal hacking enterprise that seizes, scrambles and threatens to leak corporate data unless ransoms are paid.
The LockBit ransomware group has been operating for three years, according to law-enforcement agencies who also say that it has demanded at least $100-million in ransoms from more than 1,000 victims.
“LockBit ransomware has been implicated in more cyberattacks this year than any other ransomware,” the Canadian technology company BlackBerry said on its security blog a few months ago.
BlackBerry also says that LockBit’s “ransomware as a service” business model is representative of several hacking groups that seemed to be aligned with Russia. “The malware is designed to attack victims in the United States, Canada, Europe, Asia, and Latin America. LockBit 2.0 ignores systems in the Commonwealth of Independent States and most Eastern Europe nations, with the notable exception of Ukraine.”
Different jurisdictions released statements Thursday describing their respective roles in the international investigation that led to the arrest of Mr. Vasiliev.
Ontario Provincial Police said its detectives took him into custody on Oct. 26 and charged him with weapons offences. “Investigators seized evidence related to a cross-border ransomware investigation, as well as two prohibited firearms,” the OPP statement said.
Court records show Mr. Vasiliev was released on bail on Oct. 31.
He was then re-arrested Wednesday on a U.S. extradition warrant. The American allegations are that he conspired with others to intentionally damage protected computers and also transmitted ransom demands.
Prosecutors in New Jersey have now unsealed a court-filed criminal complaint, supported by a sworn statement from U.S. Federal Bureau of Investigation agent Matthew Haddad.
These U.S. documents said American authorities had been investigating the LockBit ransomware group for more than two years with the help of police in Canada – including through searches of Mr. Vasiliev’s house in Bradford in August and again in October.
U.S. authorities say they recovered computer files including “a list of what appears to be either prospective or historical cybercrime victims” and electronic communications with a LockBit victim located in Malaysia. They also say they uncovered a trail of bitcoin payments from ransomware victims to accounts controlled by the suspect.
A police agency in Europe on Thursday released a third statement saying that Mr. Vasiliev is part of “one of the world’s most prolific ransomware operators.”
Europol’s statement said that after two LockBit suspects were arrested in Ukraine a year ago, detectives from around the world started beating a trail to Canada. “Investigators from the French Gendarmerie, the U.S. FBI and Europol’s European Cybercrime Centre (EC3) were deployed to Ontario to jointly conduct investigative measures with the Canadian law enforcement authorities.”
Louis Strezos, an Ontario lawyer representing Mr. Vasiliev, told The Globe that he could not comment on the case.
Colin Freeze