LockBit administrator sentenced to almost four years in prison after guilty plea


An administrator for the LockBit ransomware gang has been sentenced to four years in prison after pleading guilty to eight charges in a Canadian court last month.

Mikhail Vasiliev, a 34-year-old Canadian-Russian dual national, has been in legal peril since he was first arrested in October 2022 at his home in Bradford, Ontario, as part of an international operation involving European, U.S. and Canadian authorities. He has faced charges from both the U.S. Department of Justice and Canadian authorities since his arrest. 

On Tuesday, Justice Michelle Fuerst handed down an almost four-year sentence to Vasiliev, calling him a “cyber terrorist” who was “motivated by his own greed,” during a hearing in Orillia, Canada. Vasiliev’s lawyer, Louis Strezos, told CTV News that the hacker “took responsibility for his actions” and only became involved in cybercrime during the COVID-19 pandemic.

Vasiliev pled guilty to eight charges involving cyber extortion, weapons possession and more. The charges related to ransomware attacks launched against three Canadian companies in 2021 and 2022. In addition to the prison sentence, he has also been ordered to pay $860,000 in restitution to his victims. 

CTV News also reported that Vasiliev has consented to being extradited to the U.S., where he is facing several charges unsealed in a New Jersey court in 2022 for his role in LockBit.

The U.S. charges include conspiracy to intentionally damage protected computers and to transmit ransom demands. He faces a maximum sentence of five years in prison if convicted.

He is one of only two LockBit suspects known, by name, to be in law enforcement custody. Ruslan Astamirov is awaiting trial in the U.S. on charges filed last June related to deploying LockBit against victims in Florida, Kenya, France and Japan.

He was released on bail last year but rearrested in December after violating the conditions of his parole. 

Last month, an international law enforcement operation brought down the ransomware gang’s infrastructure and identified hundreds of affiliates involved in the group. The U.S. Justice Department also unsealed indictments of Russian nationals Artur Sungatov and Ivan Kondratiev — an infamous hacker also known as Bassterlord.

Two arrests in Ukraine and Poland were announced as part of the rollout of the takedown, but police did not reveal the identities of those detained.

LockBit was the most prolific ransomware operation in the world before its takedown, launching thousands of attacks against governments, businesses and organizations in dozens of countries. 

The gang offered its ransomware as a service, providing its platform to customers for a fee since 2019. Researchers at Recorded Future attributed nearly 2,300 attacks to this threat actor. The group received more than $120 million in ransom payments since it began operating.

The gang has tried to give the illusion that it is still operating, posting data stolen from organizations before the law enforcement takedown.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

