Mikhail Vasiliev neutralized in Ontario
A hacker holding Russian and Canadian citizenship faces prison in the United States for extorting €70 million from large companies using the LockBit virus
The US Department of Justice reported the arrest in Canada of 33-year-old Russian Mikhail Vasiliev. He was detained by intelligence agencies on suspicion of hacker attacks on critical infrastructure facilities in several countries and on various companies around the world. […]
Kommersant.Ru, 11/10/2022, “Russian arrested in Canada suspected of world’s largest cyber extortion”: According to TechCrunch, with reference to a remote Europol press release, a citizen of the Russian Federation and Canada, Mikhail Vasiliev, was arrested in the province of Ontario on October 26. He is currently awaiting extradition to the US. The detainee is suspected of using the LockBit ransomware virus. The police confiscated 8 computers, 32 external hard drives and €400,000 in cryptocurrencies from Vasiliev. — Inset K.ru
Vasiliev has been charged with conspiring as part of the LockBit hacker group to deliberately damage protected computers and telecommunications networks, transferring ransom demands, and being involved in several dozen cyberattacks over the past two and a half years as the operator of LockBit. […]
ib-bank.ru, 11/11/2022, “Europol arrested a Russian operator of LockBit ransomware”: During a search of Vasiliev’s house, screenshots of messages in the Tox messenger with a LockBit representative “LockBitSupp” were found, which contained instructions on how to deploy the blocker and the source code of the malware, as well as “photographs of a computer screen with credentials for various services of company employees in Canada, which was attacked by LockBit in January 2022.” — Inset K.ru
According to the investigation, members of the LockBit group have earned about $100 million since 2020 by extorting about 1,000 victims worldwide. The investigation believes that Vasiliev is the main member of LockBit. In the US, he faces up to five years in prison.
Experts from Europol explained to TechCrunch that they consider Vasiliev to be one of the most active ransomware operators in the world. He allegedly managed to extort ransoms of €5 million to €70 million from some victims in a short time. avoid a similar fate and lay low.
In July, hackers used LockBit to attack the infrastructure of the small Canadian town of St. Marys, which has a population of 7.5 thousand people.
In June, the LockBit group launched its own bug bounty, offering payouts to those who discover vulnerabilities on their site.
Earlier, LockBit claimed responsibility for the May attack on Foxconn, which stopped work at one of the company’s factories.
LockBit victims include British healthcare provider Advanced, consulting firm Accenture, international industrial company Thales Group, and German tire and automotive electronics manufacturer Continental, according to the US Department of Justice.
Hacker.Ru, 07/26/2022, “LockBit operators claim to have hacked the Italian tax office”: LockBit ransomware operators claim to have hacked the network of the Italian tax office (L’Agenzia delle Entrate). At the same time, hackers allegedly stole 100 GB of data (including company documents, scans, financial reports and contracts), which they threaten to publish in the public domain if the authorities do not pay a ransom by August 1, 2022.
The Italian tax office has already published an official statement on its website, in which it stated that it was investigating “the alleged theft of data from the tax information system.” It is also reported that the agency requested additional information from Sogei (Società Generale d’Informatica SpA), which is controlled by the country’s Ministry of Economy and Finance and manages the infrastructure of the financial administration. It must be said that Sogei SpA also manages the IT infrastructure of other Italian departments, including the Ministry of Justice, the Ministry of Interior and Education, the Prosecutor General’s Office and the Ministry of Finance.
Bleeping Computer received an official comment from company representatives: they said that “there were no cyber attacks on technology platforms and financial management infrastructure,” and also added that they could not provide more details, since the investigation of what happened had not yet been completed. — Inset K.ru
Hacker.Ru, 08/31/2021, “Bangkok Airways became a victim of LockBit malware”: Thailand’s third-largest airline, Bangkok Airways, has admitted to being hit by a ransomware attack in which passenger information was stolen. The official press release about the incident was published a day after the hack group LockBit posted about the hack on its dark web site and threatened to release data stolen from the airline if the airline did not pay a ransom. The five days that the attackers gave Bangkok Airways to pay the ransom had already expired, so the hackers released more than 200 GB of stolen data (Bangkok Air was clearly not interested in negotiations).
Most of the stolen information appears to be related to the carrier’s business records, but the airline said the hackers were able to steal files containing the personal details of some passengers. Exactly how many people were affected by this leak is not yet clear, as the investigation into what happened is still ongoing.
According to Bangkok Airways, the following data could have fallen into the hands of the hackers: passenger name, last name, nationality, gender, phone number, email address, address, contact information, passport information, travel history information, partial bank card information, special nutrition. It is emphasized that the operational and aviation security systems were not affected. The airline has already notified local law enforcement about the incident and is now warning customers that the stolen data could be used against them by scammers. — Inset K.ru