A dual Russian and Canadian national has been arrested for his alleged involvement with the infamous LockBit ransomware gang.

Mikhail Vasiliev, 33, is accused of conspiring with others to damage protected computers intentionally and transmit ransom demands. He was arrested in Ontario, Canada, on Nov. 9 and is awaiting an extradition hearing.

The U.S. Department of Justice claims that Vasiliev “participated in the LockBit campaign by conspiring with others to intentionally damage protected computers and to transmit ransom demands.”

Precisely what that means, however, is unclear. There is no single “LockBit campaign,” and LockBit offers ransomware-as-a-service, meaning that LockBit attacks are not always undertaken by LockBit itself but by affiliates. Whether Vasiliev was an affiliate or was directly involved with the gang was not specified by the Justice Department.

A press release from Europol, which led the investigation along with the Federal Bureau of Investigation and the Canadian Royal Mounted Police, provided some further details. Europol claims that Vasiliev “is known for his extortionate ransom demands” ranging from 5 million to 70 million euros. Hinting that he may have been acting as a LockBit affiliate, the statement says that he “deployed the LockBit ransomware to carry out attacks,” not that he was running the group or was a direct member of the gang.

Canadian police are also said to have seized two firearms, eight computers, 32 external hard drives and 400,000 euros worth of cryptocurrency. “This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world,” Deputy Attorney General Lisa O. Monaco said in a statement.

LockBit emerged in January 2020 and is believed to have been deployed against as many as 1,000 victims in the U.S. The Justice Department claims that LockBit members have made at least $100 million in ransom demands and have successfully extracted tens of millions of dollars from victims.

The gang was last in the news in August when it was knocked offline in a distributed denial-of-service attack, but it has since fully recovered. LockBit has dozens of recent victims currently listed on its dark web blog (pictured). Notable recent victims include Thales Group SA, Continental AG, the Chattanooga Housing Authority and Meiji Singapore.

Image: LockBit