Prison

Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation.

Vasiliev was arrested in November 2022 and pleaded guilty to eight charges in February 2024, including cyber extortion, mischief, and weapons offenses.

The man was a key member of the notorious LockBit ransomware gang, involved in many of the operation's high-profile attacks.

Specifically, Vasiliev is believed to have been involved in a thousand cyberattacks conducted by the ransomware gang, which led to ransom payment demands of over $100 million.

Many of those victims, who had their systems paralyzed by Vasiliev between 2021 and 2022, were businesses based in Saskatchewan, Montreal, Newfoundland, and other Canadian states.

His lawyer stated that Vasiliev became a cybercriminal during the pandemic and has now taken responsibility for his actions.

However, Justice Michelle Fuerst called him a "cyber-terrorist," highlighting his "coldly calculated" greed-driven crimes.

In addition to the imprisonment, Vasiliev was ordered to pay $860,000 in restitution to his Canadian victims. He also faces extradition to the United States, where he will face additional charges.

LockBit limping along

LockBit was one of the most active ransomware-as-a-service operations engaging in data theft and encryption, followed by extortion and data leaks on a dedicated darknet portal.

Over time, LockBit has undergone significant evolution, making various iterations of its locker available to affiliates and almost releasing its fourth major version when a global law enforcement operation disrupted its activities.

The disruption was accompanied by several arrests of high-profile LockBit affiliates and core team members, with the U.S. State Department announcing rewards of up to $15 million for information on Lockbit members and associates.

Despite the coordinated and decisive attempt to disrupt LockBit, the cybercrime gang quickly relaunched the operation on new infrastructure and resumed attacks employing updated encryptors and ransom notes.

However, the ransomware gang may not have recovered from the law enforcement operation and their tarnished reputation as they would like us to think.

An analysis of the new data leak site by Valéry Marchive indicates that most of the newly posted data are for companies attacked in 2022 and 2023, indicating that the gang is trying to appear busier than it actually is.

Related Articles:

LockBit says they stole data in London Drugs ransomware attack

Affirm says cardholders impacted by Evolve Bank data breach

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

Infosys McCamish says LockBit stole data of 6 million people

Four FIN9 hackers indicted for cyberattacks causing $71M in losses