The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world.

The 33-year-old Ontario resident, Mikhail Vasiliev, has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison.

Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands, according to a criminal complaint filed in the District of New Jersey.

A search of the defendant’s home in August and October 2022 by Canadian law enforcement unearthed a file stored on a device containing what’s suspected to be a list of “prospective or historical” victims as well as screenshots of communications exchanged with “LockBitSupp” on the Tox messaging platform.

Also found were a text file with instructions to deploy LockBit ransomware, the malware’s source code, and a website that’s believed to be the control panel operated by the group to administer the ransomware.

Furthermore, an analysis of bitcoin payments made to Vasiliev’s wallet purportedly uncovered the receipt of roughly 0.8BTC (~$17,332) that originated from a ransom payment that was paid by a LockBit victim in February 2022 to a wallet address provided by the group.

LockBit, which first emerged in September 2019, has emerged as one of the pre-eminent groups dabbling in ransomware-as-a-service (RaaS) campaigns. In June 2022, it launched a new version called LockBit 3.0 (aka LockBit Black).

According to statistics from Malwarebytes and NCC Group, LockBit has been linked to over 160 attacks in the months of September and October, with the group accounting for “almost half of all RaaS activity.”

LockBit 3.0 constituted 35% of the total ransomware attacks targeting industrial organizations in Q3 2022, including chemicals, drilling, industrial supplies, and interior design firms, accounting for 45 out of 128 incidents tracked by Dragos during the time period.

“Since first appearing, LockBit has been deployed against at least as many as 1,000 victims in the United States and around the world,” the DoJ said. “LockBit members have made at least $100 million in ransom demands and have extracted tens of millions of dollars in actual ransom payments from their victims.”

The arrest, which is likely to cause the RaaS gang to rebrand, is the result of an investigation set in motion by the U.S. Federal Bureau of Investigation (FBI) since around March 2020, the DoJ added.