The arrest follows a similar action in Ukraine in October last year when a joint international law enforcement operation led to the arrest of two of his accomplices.
Europol says Vasiliev, described as “one of the world’s most prolific ransomware operators,” was one of its high-value targets due to his involvement in numerous high-profile ransomware cases. The EU police agency added that he is known for trying to extort victims with ransom demands between €5 to €70 million.
A separate press release from the Department of Justice notes that LockBit has claimed at least 1,000 victims in the United States and has extracted tens of millions of dollars in actual ransom payments from their victims.
Vasiliev is awaiting extradition to the United States, where he is charged with conspiracy to intentionally damage protected computers and to transmit ransom demands. If convicted, Vasiliev faces a maximum of five years in prison.
“Yesterday’s successful arrest demonstrates our ability to maintain and apply relentless pressure against our adversaries,” said FBI Deputy Director Paul Abbate. “The FBI’s persistent investigative efforts, in close collaboration with our federal and international partners, illustrates our commitment to using all of our resources to ensure we protect the American public from these global cyber threat actors.”
Brett Callow, a ransomware expert and threat analyst at Emisosft, tells TechCrunch that Vasiliev’s arrest could signal the end of the LockBit operation “as other cybercriminals will lose confidence in the integrity of the operation.
“Unfortunately, the group will probably rebrand, but this is nonetheless a significant arrest,” Callow added. “Vasiliev could well lead law enforcement to others involved in the operation.”
Specific victims targeted by the suspected LockBit operator were not named by Europol. However, France’s involvement in the operation suggests Vasiliev could be linked to a recent attack on French aerospace and defense group Thales.
“As far as customers are concerned, you can approach the relevant organizations to consider taking legal action against this company that has greatly neglected the rules of confidentiality,” a message on the LockBit leak site reads.
Thales spokesperson Cedric Leurquin did not immediately respond to our request for comment.
LockBit also claims to have today leaked 40 terabytes of data stolen from German automotive giant Continental, and samples of the data suggest that the gang has accessed technical documents and source code. Though a ransom demand was not explicitly stated, the ransomware gang’s leak page claims to offer access to the full tranche of stolen data for $50 million.
Continental spokesperson Marc Siedler told TechCrunch that the company’s investigation into the incident has revealed that “attackers were also able to steal some data from the affected IT systems,” but refused to say what types of data were stolen or how many customers and employees have been affected.
Police arrest suspected LockBit operator as the ransomware gang spills new data by Carly Page originally published on TechCrunch