What just happened? The LockBit ransomware group is back in the news, though this time it isn't related to the recent seizure of its website by law enforcement. One of the group's high-ranking members has just been sentenced to four years in prison and ordered to pay more than $635,000 for his role in infecting over 1,000 systems with LockBit.

Mikhail Vasiliev, a 33-year-old Canadian-Russian national, who has been living in Ontario, Canada, was arrested in November 2022. Last month, he pleaded guilty to eight counts of cyber-extortion and mischief, along with weapons charges, involving Canadian victims, including businesses in Saskatchewan, Montreal, and Newfoundland.

When agents raided his home in October 2022, Vasiliev was discovered working on a laptop that displayed a login screen to the LockBit control panel. Ars Technica writes that they also discovered a seed phrase credential for a Bitcoin wallet address linked to another wallet that had received payment from a LockBit victim.

Investigators found more evidence of Vasiliev's links to LockBit in an earlier raid, including what appeared to be a list of either historical or prospective targets, messages with someone who used a moniker favored by gang members, LockBit ransomware deployment instructions, and credentials for devices belonging to an employee of a confirmed LockBit victim.

Vasiliev is awaiting extradition proceedings to bring him to New Jersey, where he will face additional charges related to his involvement with the gang.

Justice Michelle Fuerst called Vasiliev a "cyber-terrorist" in her sentencing, adding that his crimes were far from victimless and he was motivated by his own greed.

LockBit was one of the first to offer ransomware-as-a-service (RaaS) to other criminals, who must send the gang part of the ransomware payments taken from victims. There have been nearly 2,300 attacks attributed to the group, making it the most prolific ransomware gang in the world. The second most prolific group, Conti, has been linked to 883 attacks.

In February, LockBit's website showed a banner informing visitors that it was under the control of law enforcement. The operation involved the National Crime Agency (NCA) of the UK, the FBI, and an international task force named Operation Cronos. LockBit's operations were disrupted, and suspected group members were arrested in several countries. The group announced that it was back in action a week later.
