LockBit ransomware kingpin gets 4 years behind bars

Canadian-Russian said to have turned to a life of cybercrime during pandemic, now must pay the price – literally

A LockBit ransomware kingpin has been sentenced to almost four years behind bars and ordered to pay more than CA$860,000 ($635,000, £500,000) in restitution to some of his victims by a Canadian court as he awaits extradition to the US.

During a sentencing hearing this week, Justice Michelle Fuerst said 34-year-old Mikhail Vasiliev was a cyber-terrorist who was "motivated by his own greed," according to CTV News. 

Vasiliev, a dual Canadian-Russian national living in Bradford, Ontario, pleaded guilty last month to eight counts of cyber-extortion, mischief, and weapons charges against Canadian victims, including businesses in Saskatchewan, Montreal, and Newfoundland. He was said to have been an administrator within the LockBit gang.

The crook was arrested November 9, 2022, and is awaiting extradition proceedings to bring him to New Jersey, where he faces additional charges related to his involvement with LockBit. 

American prosecutors have charged Vasiliev with conspiring to intentionally damage protected computers and to transmit ransom demands. He faces up to five years in a US prison.

The prolific crime gang has extorted at least $120 million in ransom payments from more than 2,000 victims since 2020.

Earlier this year, an international law-enforcement effort took down LockBit's infrastructure, famously trolling the criminals in the process. 

Despite the extortionists setting up a new website and listing alleged victims just days later, it appears that the UK and US cops' efforts have hobbled the ransomware-as-a-service operation. 

The arrest of individual gang members, however, remains slow going. In addition to Vasiliev, just two other suspects — Ruslan Astamirov and Mikhail Matveev — have been named, and of those two only Astamirov has been arrested and charged with infecting victims with LockBit ransomware.

The group's top boss, LockBitSupp, remains free and unknown (at least to the public) despite a $15 million bounty and law enforcement's bluff to reveal LockBitSupp's identity.

According to court documents [PDF], Canadian cops searched Vasiliev's home in August 2022 and discovered a file, cleverly named "TARGETLIST," on his gear containing a list of names that appeared to be prospective or historical cybercrime victims.

Law enforcement also found screenshots of Tor messages exchanged between Vasiliev and LockBitSupp, along with a text file containing instructions on how to deploy LockBit ransomware and source code for a program designed to encrypt data stored on Linux-based computers.

During a subsequent search in October 2022, the police found Vasiliev sitting at a table, laptop open, with his browser pointed to the crime gang's dark-web domain.

Vasiliev's lawyer, Louis Strezos, told a Canadian court that Vasiliev leaned into cybercrime while stuck at home during the pandemic, according to CTV News.

"Mikhail Vasiliev took responsibility for his actions, and that played out in today's courtroom with the sentence that was imposed," Strezos reportedly said outside the courthouse on Tuesday. ®
