DOJ charges accused Lockbit ransomware actor

A Canadian man faces criminal charges in the U.S. after allegedly acting as an agent for the LockBit ransomware crew.

Mikhail Vasiliev, a 33-year-old resident of Bradford, Ontario, was arrested by Canadian police Wednesday and is now facing extradition to the U.S. on multiple criminal charges.

According to the U.S. Department of Justice (DOJ), Vasilev was part of the notorious ransomware crew and could face up to five years in prison for what authorities term "conspiracy to intentionally damage protected computers and to transmit ransom demand." The DOJ said Vasilev has dual Russian citizenship; the LockBit gang, like many ransomware-as-a-service operations, is composed of Russian-speaking threat actors.

While the DOJ did not provide the details on what Vasilev's exact role in the ransomware gang was, the charges outlined by the DOJ suggest Vasilev was a possible operator in the group rather than an affiliate. Most RaaS operations have multiple parties, including ransomware authors and operators as well as affiliate hackers who commit the attacks and access brokers who provide the initial attack vector for affiliates.

"This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," said Deputy Attorney General Lisa Monaco in a statement announcing the arrest.

"It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats."

The charges are also noteworthy, being a rare time in which a North American resident has been hit with criminal counts related to a major ransomware operation. The operators and affiliates of ransomware groups are often based overseas, far from the grips of Western authorities.

The arrest could deal a significant blow to what has been the most prolific ransomware operation in recent memory.

Recent studies from security experts highlighted LockBit as a leader in the ransomware ranks but also noted that the group's proclivity was likely to land them in the crosshairs of law enforcement agencies. A report from security vendor MalwareBytes noted that the ransomware crew likely had "a team of FBI agents somewhere plotting its demise."

The researchers were accurate, it seems, as the authorities made a rare arrest of a ransomware actor that was operating within the grasp of the U.S. legal system.

"Yesterday's successful arrest demonstrates our ability to maintain and apply relentless pressure against our adversaries," said FBI Deputy Director Paul Abbate in announcing the arrest.

"The FBI's persistent investigative efforts, in close collaboration with our federal and international partners, [illustrate] our commitment to using all of our resources to ensure we protect the American public from these global cyber threat actors."

Vasilev faces trial in U.S. District Court in New Jersey.