It would be linked to at least “115 attacks against French victims”. The Paris prosecutor’s office said on Tuesday that a man arrested in late October in Canada is suspected of being a major player in one of the most lucrative ransomware organizations in the world.
The American and European authorities announced, on November 11, the arrest of Mikhael Vasiliev at the end of October. This Russian-Canadian national is suspected of having deployed the LockBit ransomware to carry out attacks against important infrastructures and large industrial groups around the world.
A statement from Europol said that the 33-year-old man was known for his exorbitant ransom demands, ranging from 5 to 70 million euros. According to the Paris prosecutor’s office, this man “listed as a high-level target has been identified as likely to be affiliated with several ransomware groups and perpetrators of several attacks against victims spread around the world (Lockbit , Blackcat, Ragnarlocker, Darkside…)”.
2,000 victims worldwide
“The first exploitations of the computer equipment made it possible to link the individual to the commission of 115 attacks against French victims and nearly 2,000 victims in the world”, according to the public prosecutor. The procedure in France was opened in September 2020 at the cyber section of the Paris public prosecutor’s office following “multiple ransomware attacks perpetrated against companies in all sectors, ranging from SMEs to multinational companies”. . It was “entrusted to the Center for the fight against digital crime (C3N) of the command of the Gendarmerie in cyberspace with the assistance of the Research Sections of Marseille and the Maritime Gendarmerie”.
Judicial information was then opened against the individual, “now targeted by an international arrest warrant from France and the United States”. He is awaiting extradition to the United States, the US Department of Justice said in a statement last week. The Russian-speaking group LockBit 3.0, using the Lockbit ransomware, is notably known for having disrupted the operation of the South Francilien Hospital Center (CHSF) in Corbeil-Essonnes by launching a spectacular cyberattack last August. He also recently claimed responsibility for a cyberattack against Thales.