LockBit Ransomware Mastermind Is Arrested - Talion

LockBit are a ransomware gang that have certainly made a name for themselves in the cyber security space over the last few years. Given that they have carried out arguably the most destructive cyber attacks across the world, from infecting an IT supplier of the UK National Health Service to PR stunts against cyber security giants, it’s no surprise that the investigation to hunt these cybercriminals has been under way for many years.

Now? An alleged LockBit suspect has been arrested.

Here’s everything you need to know…

 

2 Years Of Investigation Leads To Arrest

A 33-year-old dual Russian and Canadian national, named Mikhail Vasiliev, was arrested in Canada on 26th October 2022 on suspicion of “deploying the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups across the world,” said Europol. Known for extorting victims with ransom demands as high as €70 million, this LockBit operator was a high-value target and his arrest is a significant moment in the fight to reduce ransomware attacks worldwide.

Suspicions of Mikhail Vasiliev’s criminal conduct began in August 2022 following the search of his home. As stated in a criminal complaint, Canadian law enforcement found screenshots of messages on the Tox end-to-end encrypted messaging platform under the name “LockBitSupp”, as well as source code for a program designed to encrypt data. Even usernames and passwords of LockBit victims from Canada, dating back to a LockBit attack around January, were stored. In light of this, law enforcement seized 8 computers, 32 external hard drives, 2 firearms and €400,000 worth of cryptocurrency from the suspect’s home.

“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said Deputy Attorney General Lisa O. Monaco. “It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats.”

Currently, Mikhail Vasiliev awaits extradition to the United States. He is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands and, if convicted, faces a maximum of five years of incarceration.

 

 

 

LockBit In The Past…

You may already be aware of LockBit attacks from the past year, but we’ve covered a few of the most prolific:

Disruption to NHS 111 line – In August 2022, a major IT outage at a vendor in the healthcare space caused the NHS 111 services to go down, forcing call handlers to work as they did before the digital world – with pen and paper. Attackers allegedly gained access using Citrix server credentials and, although the likelihood of harm to individuals was considered low, approximately 16 institutions were affected by LockBit’s malware.

Top Aces – This exclusive adversary air provider to the Canadian and German armed forces was another of the unfortunate LockBit victims this year. Displayed on the leak site for all to see, Top Aces were given a deadline of May 15th before LockBit would leak 44GB of data it allegedly stole.

The Classic LockBit Stunt – LockBit are known for having “attacked” companies, claiming to have stolen data when there is no evidence they actually carried out an attack. Their targets are usually cyber security giants, with the goal of scaring customers and damaging reputations. Of course, there is no denying the attacks that do take place, with 35.1% of ransomware activity in Q3 2022 linked to LockBit, but it sure is an interesting PR stunt to fool people into believing in “real” cybercriminal activity.

 

We’ve Got You Covered

Our Threat Intelligence team are continuously researching and assessing the most current cybersecurity threats and are able to assess your organisation’s risk against more than 200 threat actors, including ransomware gangs such as LockBit.

Ensure you’re always in the know, even when the future is in the dark.

Download our Threat Intelligence Datasheet to discover more.

Any questions? Get in touch with us here.

 