By ERIC TUCKER
WASHINGTON (AP) — A man who authorities say participated in a ransomware campaign that extracted tens of millions of dollars from victims has been charged in the United States, the Justice Department announced Thursday.
Mikhail Vasiliev, a dual national of Russia and Canada, was arrested Wednesday. He is currently in custody in Canada and is awaiting extradition to the U.S. on charges that accuse him of involvement in the Lockbit ransomware operation.
No lawyer for the 33-year-old Vasiliev, of Bradford, Ontario, Canada was listed on the court docket. He faces charges of conspiracy to intentionally damage protected computers and to transmit ransom demands.
Lockbit has been one of the most prolific strains of ransomware. During the first five months of this year it accounted for 46% of all ransomware-related breaches that were publicized on extortion sites used by the syndicate to pressure victims by threatening to publicly leak stolen data, according to the cybersecurity firm Palo Alto Networks.
Its top victims have been in the U.S., Italy and Germany, where it targeted a gamut of industries from manufacturing to retail.
The Justice Department says that between January 2020 and the present, LockBit members have conducted at least 1,000 ransomware attacks — in which hackers hold victims’ data hostage through encryption until a sum is paid — in the U.S. and around the world. Prosecutors said the hackers made at least $100 million in ransom demands and extracted tens of millions of dollars in payments.
Deputy Attorney General Lisa Monaco said in a statement that the arrest was the “result of over two-and-a-half-years of investigation into the LockBit ransomware group.”
According to court documents made public Thursday, Canadian law enforcement searched Vasiliev’s home and discovered a file named “TARGETLIST” on a device. One of the victims named on that list was a business in New Jersey, where the Justice Department filed the case, the documents say.
Law enforcement did another search in October, when they said they found on a laptop computer an open tab pointed to a site called “LockBit LOGIN.”