Russian-Canadian hacker suspected of being a LockBit affiliate prosecuted for 115 attacks in France


This is a major judicial decision in the fight against cybercrime. The Paris prosecutor’s office has just announced that Mikhail Vasiliev, arrested at the end of October in Canada near Toronto, is suspected of being linked to at least 115 attacks against French victims. These include, according to our information, the fake attack that supposedly targeted the French Ministry of Justice at the beginning of 2022 – in reality, the victim was a simple law firm in Caen.

Aged 33, this Russian-Canadian is suspected of being an affiliate of LockBit, the most active mafia franchise of the moment. This gang, which has just tried to blackmail the defense electronics group Thales, has claimed on its extortion site more than a thousand computer attacks since its creation in 2019.

This “high-level target”, in the words of the Paris prosecutor’s office, is also alleged to be an affiliate of the ransomware platforms BlackCat, RagnarLocker and DarkSide. The 115 computer attacks attributed to him in France – out of 2,000 victims worldwide according to the prosecution – are therefore probably not all linked to LockBit.

Complex investigations

While the justice system usually struggles to identify the perpetrators of ransomware attacks, the arrest shows that investigators can still bring these complex investigations to a successful conclusion.

Until now, the French justice system had managed to bring only a single major cybercriminal to trial in a ransomware case: Alexander Vinnik, who was ultimately convicted solely of laundering Locky malware ransoms.

As with Alexander Vinnik, the arrest of Mikhail Vasiliev is the result of intense international cooperation. Legal proceedings were opened in France in September 2020 following ransomware attacks. The investigation was then entrusted to the Center for the Fight against Digital Crime (C3N) of the gendarmerie, as well as to the research sections of Marseille and the maritime gendarmerie, leading in particular, at the end of September 2021, to the arrests of two hackers in Ukraine.

Identified by US investigators

But legal proceedings had also been opened in the United States, where the mafia franchise has been the subject of an FBI investigation since March 2020.

More than a year later, in November 2021, a New Jersey company was the victim of a computer attack, a case that is now linked to the alleged affiliate. The American investigators obtained very convincing results, managing to identify the suspect, Mikhail Vasiliev, who resides in Canada. A first discreet search of his home, conducted in August 2022, confirmed that this lead was a very promising one.

After analyzing the suspect's computer, the Canadian police found compromising material. This included screenshots of messages with the LockBit administrator, a file explaining how to deploy the ransomware on an information system, and a list of username-password pairs belonging to employees of organizations that were victims of the gang around January 2022.

Mikhail Vasiliev was finally arrested on October 26, 2022 by Canadian police while one of his browser tabs was open on a LockBit administrator login page.

First U.S. extradition request

According to the American justice system, evidence shows that the suspect also visited the page for the builder, the executable that launches the deployment of the ransomware, as well as the chat and statistics pages. Even more embarrassing, the FBI claims to have found a Bitcoin wallet and its passphrase; according to the prosecution, the wallet received a ransom payment.

On Twitter, in a comment shared by the cybersecurity engineer Soufiane Tahiri, the LockBit spokesperson allegedly blamed the suspect for security shortcomings and pointed to a vulnerability in a former admin panel.

Sought first by the American justice system, Mikhail Vasiliev faces a five-year prison sentence in the United States. Granted, that may not seem like much for someone portrayed as a cybercrime bigwig. But these first proceedings will only be an aperitif.

The French justice system has also issued an international arrest warrant, which will probably not be executed until the suspect has been tried in the United States. Extortion in an organized gang is punishable in France by a maximum sentence of 20 years’ imprisonment. According to our information, this ordering of the extradition requests was favored for reasons of efficiency, the extradition mechanisms being considered smoother between Canada and the United States than between Canada and France.





