Arrest in Canada of LockBit operator behind destructive ransomware attacks
One of the world’s most prolific ransomware operators has been arrested on 26 October in Ontario, Canada, following a complex investigation led by the French National Gendarmerie (Gendarmerie Nationale), with the support of Europol, the US Federal Bureau of Investigation (FBI) and the Canadian Royal Canadian Mounted Police (RCMP).
A 33-year old Russian national, the suspect is believed to have deployed the LockBit ransomware to carry out attacks against critical infrastructure and large industrial groups across the world. He is known for his extortionate ransom demands ranging between €5 to €70 million.
This arrest is the follow-up of an action carried out in Ukraine in October 2021 which led to the arrests of two of his accomplices.
Facilitated by Europol, investigators across the world have since then continued to work closely together to identify the whereabouts of the main operator. This suspect was one of Europol’s high-value targets due to his involvement in numerous high-profile ransomware cases.
Investigators from the French Gendarmerie, the US FBI and Europol’s European Cybercrime Centre (EC3) were deployed to Ontario to jointly conduct investigative measures with the Canadian law enforcement authorities.
The following was seized at the suspect’s home:
- 2 firearms
- 8 computers and 32 external hard drives
- EUR 400 000 in cryptocurrencies
The suspect will now faces charges in the United States.
This operation was carried out with the financial support of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).