Man Charged For Involvement in LockBit Ransomware Campaign
– Dual Russian and Canadian national Mikhail Vasiliev was charged for his alleged involvement in the global LockBit ransomware campaign, the Department of Justice (DOJ) announced. LockBit has been known to target healthcare in the past.
Since it first gained prominence around January 2020, the ransomware variant “has become one of the most active and destructive ransomware variants in the world,” the press release stated.
LockBit members have accumulated at least $100 million in demands and have claimed more than 1,000 victims in the US and abroad. The FBI has been investigating the ransomware campaign since March 2020.
Vasiliev has been charged with “conspiracy to intentionally damage protected computers and to transmit ransom demands,” the DOJ explained. Vasiliev could face up to five years in prison if convicted. He is currently in custody in Canada and is awaiting extradition to the US.
“This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” explained Deputy Attorney General Lisa O. Monaco.
“It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber threats. Let this be yet another warning to ransomware actors: working with partners around the world, the Department of Justice will continue to disrupt cyber threats and hold perpetrators to account. With our partners, we will use every available tool to disrupt, deter, and punish cyber criminals.”
In February 2022, the Federal Bureau of Investigation (FBI) released a flash alert containing detailed indicators of compromise (IOCs) associated with LockBit 2.0, the second iteration of LockBit. LockBit 2.0 ransomware is known to compromise victim networks via unpatched vulnerabilities, zero-days, and insider access.
“Although the LockBit 2.0 cybercrime gang claims to not attack healthcare organizations, all ransomware continues to act as a major cyber threat against the U.S. Healthcare and Public Health (HPH) Sector,” HHS stated in a subsequent alert.
At the time, HHS recommended that healthcare organizations follow standard ransomware prevention best practices, such as using multi-factor authentication, enforcing strong passwords, and establishing a comprehensive data backup program.