Awaiting extradition to the U.S. on cybercrime charges, Russian hacker Mikhail Vasiliev pleaded guilty today in a Newmarket courtroom to 8 counts of cyber extortion, mischief and weapons charges against Canadian victims.
“This closes a chapter in this aspect of the case,” said defence lawyer Louis Strezos. “Mr. Vasiliev pleaded guilty to the Canadian charges. He accepted full responsibility for his actions here in Canada.”
The 34-year-old Russian-Canadian from Bradford was accused of being a ransomware hacker who held sensitive computer data hostage in exchange for ransom payments from victims, including businesses in Saskatchewan, Montreal and Newfoundland.
The court heard Vasiliev tried to extort the three Canadian companies out of hundreds of thousands of dollars each between 2021 and 2022 and paralyzed them while encrypting systems and financial information, all while the FBI kept a close eye on him.
Vasiliev was initially arrested more than a year ago when police busted him inside his Bradford home, catching him in the act.
U.S. Investigators say he was sitting at a table inside his garage while on a laptop, committing cyber crimes as part of an international ransomware group called LockBit with several tabs open on his laptop, including one pointing to a site named ‘LockBit LOGIN’ with a LockBit logo.
Along with cybercrime charges, Vasiliev pleaded guilty to illegally having two loaded semi-automatic handguns in a black backpack.
“We forged and fostered some valuable partnerships with our law enforcement partners in the United States and Europe,” said OPP Det. Insp. Matt Watson. “The end result is what you see today, which is a conviction of a very serious criminal who is responsible for a pernicious form of criminal activity.”
U.S. justice officials say the LockBit group Vasiliev is accused of being associated with made at least $100 million in ransom demands and took tens of millions of dollars in ransom payments from at least 1,000 cyber attacks on victims around the world.
The U.S. Department of Justice says Canadian police officers searched Vasiliev’s Bradford home in August, where they discovered a file containing a list of prospective or previous cybercrime victims. The court heard several devices were seized by investigators who found Vasiliev had used a private network routed through the U.S. to evade detection.
Vasiliev was granted bail to a surety on a pledge made by his mother of $600,000.
As part of his bail conditions, Vasiliev was to be nowhere near computers, the internet, or bus, airport or train stations.
In December, however, Vasiliev was taken into custody. He was charged with three counts of extortion and unauthorized use of a computer, along with failing to comply with a release order.
His lawyer said Vasiliev became a cyber criminal while bored at home during the pandemic.
The Crown is asking he be sentenced to five years, the defence for 3.5 years, after consenting to his extradition to face charges in the United States.
Before leaving the courtroom, Vasiliev kissed his wife goodbye. He is scheduled to be sentenced in March.