A Russian and Canadian national has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands in connection with the LockBit global campaign.
Mikhail Vasiliev, 33, was apprehended in Bradford, Ontario yesterday and is currently in custody in Canada, awaiting extradition to the US.
"This arrest is the result of over two-and-a-half-years of investigation into the LockBit ransomware group, which has harmed victims in the United States and around the world," said deputy attorney general Lisa O. Monaco in a press release by the Department of Justice (DoJ).
"It is also a result of more than a decade of experience that FBI agents, Justice Department prosecutors, and our international partners have built dismantling cyber-threats."
According to FBI deputy director Paul Abbate, the arrest demonstrates the DoJ's ability to maintain pressure against its adversaries.
"The FBI's persistent investigative efforts, in close collaboration with our federal and international partners, illustrates our commitment to using all of our resources to ensure we protect the American public from these global cyber-threat actors."
Court documents seen during the trial suggest the LockBit ransomware variant first appeared around January 2020 and has since been deployed against roughly 1000 victims in the United States and worldwide.
Further, LockBit members have made at least $100m in ransom demands and have extracted tens of millions of dollars in ransom payments from their victims.
Vasiliev allegedly actively participated in the LockBit campaign, conspiring with other threat actors to spread the ransomware and issue demands. If charged, he may face a maximum of five years in prison, a fine of up to $250,000 or twice the gross financial gain or loss from the scheme (whichever is greatest).
"International ransomware threats like LockBit are the most pressing cybercrime challenge facing law enforcement today," US attorney Philip R. Sellinger said.
"These attacks cause disruption and damage to their victims that far exceed the dollar figures of ransom demands or payments, which are themselves significant. However, the United States is up for this challenge and will use all legal means to find the perpetrators of these attacks and bring them to justice."
The charges come a week after LockBit claimed responsibility for the August cyber-attack against the multinational automotive group Continental.