LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

Mikhail Vasiliev was also fined $860,000 for his involvement in the LockBit gang’s attacks. This case highlights the international effort to combat cybercrime and the severe consequences awaiting perpetrators.

A Russian-Canadian citizen, Mikhail Vasiliev, has been sentenced to nearly four years in prison for his involvement in the notorious LockBit ransomware operation. Vasiliev will also pay $860,000 in restitution to his Canadian victims.

Vasiliev’s lawyer reportedly argued that he turned to cybercrime due to financial difficulties during the COVID-19 pandemic. However, Justice Michelle Fuerst rejected this justification, calling Vasiliev a Cyber Terrorist whose actions were motivated by greed and his crimes were “far from victimless crimes.”

Investigations revealed Vasiliev’s role as a key member of the LockBit ransomware gang, involved in a significant number of cyberattacks with ransom demands ranging between €5m-€70 million. Vasiliev took responsibility for his actions, as confirmed by his lawyer Louis Strezos.

Vasiliev, 34, was arrested in October 2022 from his residence in Bradford, Ontario where he had moved from Moscow 20 years ago. He pleaded guilty in February 2024 to stealing victims’ computer data and using it for extortion.

Moreover, according to Canadian media reports, he admitted targeting at least three Canadian organizations, encrypting their data, and seeking ransom payments between 2021-2022, making $100 million in ransom demands for the gang from around 1,000 cyberattacks on victims in the U.S. and globally,

Vasiliev primarily targeted businesses in Saskatchewan, Montreal, and Newfoundland. His attacks likely caused significant disruptions and financial losses to the targeted businesses.

In November 2022, the US Department of Justice announced separate charges for his involvement in LockBit attacks. Vasiliev is set to be extradited to the U.S. for facing these additional charges

LockBit, active since 2020, operates under a ransomware-as-a-service (RaaS) business model, where affiliates exploit intrusions and deploy ransomware in exchange for some percentage of ransom payment.

In 2023, the gang gained significant profits from targeting companies like Boeing and Allen & Overy and exploited the Citrix bleed security flaw tracked as CVE-2023-4966 (CVSS score: 9.4).

LockBit’s infrastructure was dismantled by the law enforcement authorities in February 2024 as part of Operation Cronos with the seizure of 34 servers and 200 cryptocurrency accounts. Just a week after its seizure, LockBit reemerged with new leak sites, but RaaS is unlikely to recover. It claimed Operation Cronos was successful due to its negligence in updating PHP settings.

So far, Authorities have arrested six suspects in connection to LockBit, including Vasiliev, Ruslan Magomedovich Astamirov who was arrested in June 2023, two Russian nationals Artur Sungatov and Ivan Kondratyev, alias Bassterlord, and two others arrested in Ukraine and Poland.

Vasiliev’s potential extradition is a sign of growing international cooperation in combating cybercrime and serves as a warning to other gangs involved in such activities.

1. Ragnar Locker Ransomware Dismantled, Key Suspect Arrested
2. Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
3. Operator of Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US
4. LockBit ransomware blames victim for DDoS attack on its website
5. Multimillion-Dollar Vishing Scam Busted: Czech-Ukrainian Gang Arrested