LockBit Ransomware Gang Member Nabbed in Canada
Reading Time: 2 minutes

LockBit Ransomware gang member a Canadian and Russian national Mikhail Vasiliev was arrested on November 9 in Canada and awaits his extradition to the United States. 

He faces charges for conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with that damage. According to U.S. Department of Justice(DoJ) , their efforts were to spread ransomware and extort victims.

The DoJ announced a new arrest connected to LockBit ransomware, which has been involved in harming victims around the world for over two-and-a-half years.

The LockBit Ransomware Gang has been active since 2019 and has targeted high-profile targets all over the world. US prosecutors reported that this ransomware has hit more than 1,000 different entities and made tens of millions of dollars in ransom payments.

Recently, LockBit has gained a lot of attention because it infected an IT supplier for the NHS 111 emergency phone line. The attack was successful because the attackers had access to Citrix server credentials. This led to NHS staff being forced to communicate with patients on paper when their system crashed.

LockBit’s victims are unknown outside of the charges leveled against Vasiliev by a federal court in Newark, New Jersey. The Department of Justice declined to divulge which LockBit victims have been linked to Vasiliev’s alleged misconduct.

 Vasiliev if convicted of the fraud could face as much as five years in prison and a fine of up to $250,000. If his crimes are linked to LockBit’s $10 million-plus takings, the fines alone could surpass that amount.

CISA Advice on How to Patch your Security Flaws
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has created a decision tree to help them decide when to patch. They must think the diagram is interesting because they want everyone to see it.

CISA’s Stakeholder-Specific Vulnerability Categorization (SSVC) system separates vulnerabilities into four categories: Track, which doesn’t require action; Track*, which requires close monitoring and action within standard update timelines; Attend, meaning it needs to be patched sooner than standard update timelines; and Act, which requires action as soon as possible.

The SSVC tree decides where to install patches for Microsoft vulnerabilities by considering exploit status, technical impact, how the exploit could be used in an attack, and the level of harm caused to public wellbeing. While IT teams are under pressure from vendors to install fixes quickly, they want to avoid unpacking a new digital security patch that breaks production service in the process.

There are two free, downloadable PDFs created by the Canadian Information Security Association that can help you learn more about the framework, and how to keep up with it. In addition, there’s an SSVC calculator that can help with developing an appropriate decision-making tree when it comes to applying updates.

Along with talk of its decision tree, the CISA announced new commitments to grow a wider vulnerability management ecosystem that will include an automated advisory framework and a push for organizations to join exploit-exchange systems.

Related Articles:
Feds Arrest Ukrainian of Renting out Raccoon Malware
European Police Nabs Hacker Gang That Used Wireless Key Fobs to Steal Cars
FBI, CISA, and NSA Explain How Hackers Target Defense Industrial Base Organizations