A key member of the LockBit ransomware group, Mikhail Vasiliev, a Russian-Canadian, has been handed a nearly four-year jail sentence in Canada for his involvement in over a thousand cyber attacks, allegedly yielding more than $100 million in ransom.
Vasiliev, residing in Bradford, Ontario, played a role in cyber extortion schemes targeting businesses across various Canadian provinces, including Saskatchewan, Montreal, and Newfoundland.
LockBit’s modus operandi involved encrypting sensitive computer data and demanding hefty ransom payments from its victims, paralyzing their operations in the process.
The 34-year-old, who migrated from Moscow over two decades ago, confessed to orchestrating ransomware schemes, coercing victims into paying hefty sums to regain access to their compromised data. He was arrested nearly a year and a half ago.
Vasiliev pleaded guilty to eight counts of cyber extortion, mischief, weapons charges, and affiliation with the cybercrime syndicate.
In addition to the prison term, Vasiliev has to pay a restitution of $860,000. Furthermore, he awaits trial in the United States, where he could face additional penalties for his cybercrimes.
LockBit’s ransomware operation was disrupted in February 2024 as a result of an international law enforcement effort. It led to the arrest of several alleged LockBit affiliates in Ukraine and Poland.
Additionally, 34 LockBit servers were seized, and more than 14,000 online and web hosting accounts associated with previous LockBit attacks were identified and shut down. Furthermore, authorities took control of over 200 cryptocurrency accounts linked to LockBit.
The UK's National Crime Agency (NCA) took the lead in the operation, seizing LockBit's infrastructure, including its leak site used for publishing stolen data from ransomware victims. Moreover, over 1,000 decryption keys were obtained, enabling law enforcement to develop a decryption tool accessible through Europol’s “NoMoreRansom” platform.
In parallel, US authorities unsealed an indictment against two Russian nationals, Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their alleged involvement in deploying LockBit ransomware against multiple victims. Kondratyev faces additional charges related to operating the REvil/Sodinikibi ransomware. Both individuals have been sanctioned by the US Department of Treasury's Office of Foreign Assets Control.
Furthermore, the US State Department has offered rewards of up to $10 million for information leading to the capture of LockBit’s leaders and up to $5 million for tips leading to the arrest and/or conviction of LockBit’s affiliates.
