Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide.
The suspect was arrested in Ontario, Canada, last month following an investigation led by the French National Gendarmerie with the help of Europol’s European Cybercrime Centre (EC3), the FBI, and the Canadian Royal Canadian Mounted Police (RCMP).
“One of the world’s most prolific ransomware operators has been arrested on 26 October in Ontario, Canada,” Europol said today.
“A 33-year old Russian national, the suspect is believed to have deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups across the world.”
Law enforcement agents also seized eight computers and 32 external hard drives, two firearms, and €400,000 worth of cryptocurrency from the suspect’s home,
Europol added that this LockBit operator “was one of Europol’s high-value targets due to his involvement in numerous high-profile ransomware cases,” and he is known for trying to extort victims with ransom demands between €5 to €70 million.
The suspect will now face charges in the United States, and the U.S. Department of Justice (DOJ) is expected to make a statement later today.
While Europol describes the suspect as an ‘operator’ of the LockBit ransomware, he is likely an affiliate rather than a manager of the cybercrime operation.
Furthermore, the public-facing LockBit representative known as ‘LockBitSupp’ was posting in hacker forums as recently as yesterday.
Stream of ransomware operator arrests
This arrest follows a similar action in Ukraine in October 2021 when a joint international law enforcement operation involving the FBI, the French police, and the Ukrainian National Police led to the arrest of two of his accomplices.
While announcements from Europol and the Ukrainian police described the suspects as members of a top-tier ransomware gang, Europol told BleepingComputer at the time that they could not name the group for operational reasons.
“Both these individuals were part of the same group which focused not only on ransom attacks, but also laundered criminal funds,” Europol said.
Both suspects were arrested in Kyiv, Ukraine, with one of them described as a 25-year-old male “hacker.”
Last year, the Ukrainian police also arrested other suspects believed to be members of the Clop and Egregor ransomware operations.
Europol also announced in October 2021 that law enforcement agencies apprehended 12 suspects in Ukraine and Switzerland believed to be linked to LockerGoga, MegaCortex, and Dharma ransomware attacks that affected more than 1,800 victims in 71 countries.
Source: https://www.bleepingcomputer.com/news/security/russian-lockbit-ransomware-operator-arrested-in-canada/