LockBit Ransomware Hacker Sentenced to 4 Years in Jail and $860,000 Fine After Guilty Plea in Canada

In recent legal proceedings, a 34-year-old Russian-Canadian national named Mikhail Vasiliev has received a four-year jail sentence in Canada for his involvement in the global ransomware scheme known as LockBit. Vasiliev, residing in Ontario, was initially apprehended in November 2022 and charged by the U.S. Department of Justice (DoJ) for his role in damaging protected computers and transmitting ransom demands in connection with such activities.

The sentencing of Vasiliev was disclosed by CTV News, shedding light on the severity of his crimes. Following searches of his residence by Canadian law enforcement in August and October 2022, incriminating evidence was uncovered, including a list of potential or past victims, screenshots of communications with "LockBitSupp" via the Tox messaging platform, and instructional files for deploying LockBit ransomware. Vasiliev admitted guilt to eight counts of cyber extortion, mischief, and weapons charges, earning him the condemnation of Justice Michelle Fuerst, who characterized him as a "cyber terrorist" motivated by personal gain.

Reports suggest that Vasiliev turned to cybercrime during the COVID-19 pandemic, targeting three Canadian companies between 2021 and 2022 by stealing their data and extorting ransom payments. In addition to his jail sentence, Vasiliev has been ordered to pay restitution exceeding $860,000 and has consented to extradition to the U.S.

LockBit, known as one of the most prolific ransomware groups, suffered a significant setback in February 2024 when law enforcement seized its infrastructure in a coordinated operation. Subsequently, three LockBit affiliates were arrested in Poland and Ukraine. Despite LockBit's attempt to resurface with a new data leak site, investigations suggest that the newly listed victims may be either outdated or fictitious, intended to portray a semblance of continued operation.

In parallel legal proceedings, Roman Sterlingov, a dual Russian-Swedish national, was convicted by a federal jury in Washington, D.C., for operating Bitcoin Fog from 2011 to 2021. Bitcoin Fog facilitated the laundering of proceeds from illegal activities, including drug sales, computer crimes, identity theft, and child exploitation. Ilya Lichtenstein, who admitted involvement in the theft of approximately 120,000 bitcoins from the Bitfinex cryptocurrency exchange, testified about his use of Bitcoin Fog for laundering virtual assets.

According to the DoJ, Bitcoin Fog operated as a prominent cryptocurrency mixer, enabling criminals to conceal their illicit gains from law enforcement. Over its ten-year span, Bitcoin Fog facilitated the movement of over 1.2 million bitcoins, valued at around $400 million during the transactions.