LockBit administrator sentenced to almost four years in prison after guilty plea

An administrator for the LockBit ransomware gang has been sentenced to four years in prison after pleading guilty to eight charges in a Canadian court last month.

Mikhail Vasiliev, a 34-year-old Canadian-Russian dual national, has been in legal peril since he was first arrested in October 2022 at his home in Bradford, Ontario, as part of an international operation involving European, U.S. and Canadian authorities. He has faced charges from both the U.S. Department of Justice and Canadian authorities since his arrest. 

On Tuesday, Justice Michelle Fuerst handed down an almost four-year sentence to Vasiliev, calling him a “cyber terrorist” who was “motivated by his own greed,” during a hearing in Orillia, Canada. Vasiliev’s lawyer, Louis Strezos, told CTV News that the hacker “took responsibility for his actions” and only became involved in cybercrime during the COVID-19 pandemic.

Vasiliev pled guilty to eight charges involving cyber extortion, weapons possession and more. The charges related to ransomware attacks launched against three Canadian companies in 2021 and 2022. In addition to the prison sentence, he has also been ordered to pay $860,000 in restitution to his victims. 

CTV News also reported that Vasiliev has also consented to being extradited to the U.S. — where he is facing several charges unsealed in a New Jersey court in 2022 for his role in LockBit.

The U.S. charges include  conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces a maximum sentence of five years in prison if convicted. 

He is one of only two LockBit suspects known, by name, to be in law enforcement custody.  Ruslan Astamirov is awaiting trial in the U.S. on charges filed last June related to deploying LockBit against victims in Florida, Kenya, France and Japan.

He was released on bail last year but rearrested in December after violating the conditions of his parole. 

Last month, an international law enforcement operation brought down the ransomware gang’s infrastructure and identified hundreds of affiliates involved in the group. The U.S. Justice Department also unsealed indictments of Russian nationals Artur Sungatov and Ivan Kondratiev — an infamous hacker also known as Bassterlord.

Two arrests in Ukraine and Poland were announced as part of the rollout of the takedown, but police did not reveal the identities of those detained.

LockBit was the most prolific ransomware operation in the world before its takedown, launching thousands of attacks against governments, businesses and organizations in dozens of countries. 

The gang offered its ransomware as a service, providing its platform to customers for a fee since 2019. Researchers at Recorded Future attributed nearly 2,300 attacks to this threat actor. The group received more than $120 million in ransom payments since it began operating

The gang has tried to give the illusion that it is still operating, posting data stolen from organizations before the law enforcement takedown.