LockBit: what we know about the arrest of a Russian-Canadian hacker in Canada


This is the result of a thorough investigation by Europol, the Canadian police, the FBI and the French gendarmerie. A hacker with dual Canadian and Russian citizenship has been arrested near Toronto, Canada, for allegedly belonging to the LockBit hacker group, as reported by Data Breach and several local media outlets.

Mikhail Vasiliev was arrested in flagrante delicto at his home on October 26th. Police officials found him sitting in his garage in front of a laptop computer. He was quickly subdued by the police and his computer was analyzed. At the time of his arrest, the hacker was viewing the LockBit login page (“LockBit LOGIN”) on the dark web, according to information from the US complaint.

Incriminated by a Bitcoin transaction

After analyzing the material, the authorities were convinced that Mikhail Vasiliev was indeed a member of LockBit, as evidenced by numerous requests between his computer and the presumed servers of the ransomware. Investigators also found the hacker’s bitcoin wallet. It shows that a transaction of 0.80574055 BTC was recorded on February 5, 2022. The funds came from a ransom payment by a LockBit victim. These are all incriminating elements pointing to Vasiliev’s involvement in the group. In addition, 32 external hard drives and two firearms were found during the search.

Mikhail Vasiliev is currently on parole, tracked by a GPS module. An extradition request has been made by the United States, with deliberation expected in Canada in the coming days. The American authorities accuse him of having “knowingly and intentionally conspired and [de] conspiring with others to commit crimes against the United States”, namely causing damage to protected computer equipment and extorting US citizens.

Ransoms of 5 to 70 million euros

According to Europol, Mikhail Vasiliev is known to have demanded ransoms ranging from 5 to 70 million euros from LockBit victims. A first police raid took place in August at his home. The agents had found a file called “TARGETLIST” in which the Russian hacker listed his future prey. If convicted in Canada, Vasiliev faces a maximum sentence of five years in prison and a $250,000 fine.

As a reminder, the LockBit ransomware is behind numerous attacks perpetrated against companies in France in recent months. The attack process is well established: the attackers target a company, infiltrate its computer system, paralyze it and demand a ransom to unlock the computers. If the ransom is not paid, the equipment remains blocked and the data seized by the hackers is published in clear text on the dark web. The group had notably claimed responsibility for the attack on the Corbeil-Essonnes hospital and, more recently, for the attack on the Thales group.


