LockBit ransomware suspect arrested in Canada, faces charges in US

Authorities arrested the suspect wanted for his alleged role in one of the most prolific ransomware crews in the world.
The Department of Justice building is seen in Washington, DC, on August 9, 2022. (Photo by STEFANI REYNOLDS/AFP via Getty Images)

Canadian law enforcement officials arrested a dual Russian and Canadian national in October accused of participating in LockBit ransomware attacks against targets across the world, costing victims millions of dollars.

The Justice Department identified the suspect as Mikhail Vasiliev who, according to court documents unsealed Thursday, faces charges related to conspiracy to damage computers and transmitting ransom demands. Vasiliev faces up to five years in prison and is awaiting extradition to the U.S.

“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” said Deputy Attorney General Lisa Monaco in an additional statement issued Thursday confirming the arrest. “Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account.”

Europol called Vasiliev one of its most “high-value targets due to his involvement in numerous high-profile ransomware cases,” the agency said in a statement obtained by CyberScoop.


Investigators from the French Gendarmerie, the FBI and Europol’s European Cybercrime Centre were deployed to Ontario as part of the operation, according to the Europol statement.

Police seized two firearms, eight computers and 32 external hard drives, along with roughly $405,000 in cryptocurrencies in the Oct. 26 arrest, Europol said in its statement.

The arrest follows the Sept. 28, 2021, arrest of two suspects in Ukraine who were part of an “organized crime group” accused of committing “a string of targeted attacks against very large industrial groups in Europe and North America from April 2020 onwards,” Europol said at the time.

LockBit is one of the most active ransomware groups, with at least 1,029 attacks since coming onto the scene in 2019, according to stats collected by The Record.

Latest Podcasts