Hacker suspected of carrying out 115 attacks in France arrested in Canada

Until a week ago, the name of Mikhail V., a 33-year-old Russian-Canadian resident of Ontario, was unknown to the public. That is no longer the case: he is now of interest to the justice systems of France and the United States. According to a portrait painted by a source familiar with the matter, he rarely left his home and carefully separated his secretive online life from his private life, until he was arrested in late October by local authorities, backed by six French gendarmes who had travelled to Canada.

He may be a major hacker working with several ransomware groups. These hackers break into the computer networks of companies and organizations, steal data, encrypt files, render the machines unusable and then demand a ransom. According to the Paris prosecutor’s office, Mikhail V. is suspected of working with four of the most prominent groups of recent years: Ragnar Locker, Lockbit, BlackCat and DarkSide.

About 1,800 victims worldwide may be linked

The first technical findings, in particular the analysis of the Canadian-managed server, could link this suspect to more than 1,800 victims worldwide, including 115 in France. It is an impressive number that makes him a very active “affiliate,” the name given today to hackers who specialize in computer infiltration and work with ransomware developers.

The investigation is still trying to paint a full portrait of the Canadian citizen’s victims. According to our information, which confirms a report by the specialist site ZDNet, in metropolitan France Mikhail V. is suspected of being linked to the attack in January that was described by those behind it as targeting the Ministry of Justice but that actually affected a law firm in Kane.

The arrest follows the opening of a preliminary investigation in September 2020 by the Paris prosecutor’s office’s special unit J3, the Gendarmerie’s Center for the Fight against Digital Crime (C3N). In September 2021, the investigation had already triggered the first operation in Ukraine with the arrest of two people.

An emotional automaton

Mikhail V., who is of Russian descent, arrived in Canada as a teenager and began frequenting cybercrime discussion forums before coming of age, according to a source familiar with the matter. Never punished by the courts, today the automaton is suspected of participating in various illegal activities, including the sale of false documents and trafficking in bank data. After entering the world of ransomware, he most likely focused on this activity.

According to a US court document, the first Canadian search, carried out in August at his home in southern Ontario, found on his computer screenshots of online conversations with “lockbitsup”, the now famous nickname of one of the leaders of the Russian-speaking Lockbit group. Investigators also found evidence that Mikhail V. had access to tools that Lockbit provides to its affiliates, as well as a trace of a cryptocurrency wallet in which the group received funds from ransoms paid by victims.

The hacker is now targeted by an international arrest warrant issued by France and the United States; he is awaiting extradition to the latter country, where he faces up to five years in prison, according to a press release issued by the US Department of Justice. In France, a judicial investigation has been opened on charges of extortion in an organized gang, participation in a criminal association and attacks on an automated data processing system.

Most researched groups

The groups the man is suspected of working with represent the top of the cybercrime basket. The now-defunct DarkSide group has only a handful of French victims to its name, but it sowed chaos on American pipeline networks by attacking the Colonial Pipeline company. That attack led the United States to flex its muscles and forced some cybercrime groups to temporarily keep a low profile. BlackCat, also known as Alphv, has only a few known victims in France, according to the French source, but shows a level of technical sophistication that worries experts. The Ragnar Locker group has claimed many victims, including the France-based computer hardware distribution group LTDL and the Japanese video game publisher Capcom.

Lockbit, on the other hand, stands out for the impressive number of victims it claims, thanks to a massive affiliate recruitment campaign. In a recent interview granted to VX-Underground, a collective of experts specializing in malware, a member of the group confirmed that he had worked with nearly a hundred affiliates. In France, the group is suspected of being behind an attack on the Corbeil-Essonnes hospital center, which strained the medical establishment.
