Vasiliev

Threat Actor updated a month ago (2024-10-17T13:02:26.757Z)

Download STIX

Preview STIX

Mikhail Vasiliev, a dual Russian-Canadian national known by various online aliases such as "Ghostrider," was a key threat actor involved in the global LockBit ransomware campaign. Alongside fellow members like Ruslan Magomedovich Astamirov, and others including Sungatov, Kondratyev, and Mikhail Pavlovich Matveev, Vasiliev played a significant role in developing and deploying the LockBit ransomware. This group, through their collective efforts, extorted payments from victim corporations around the globe. From 2021 to 2023, Vasiliev deployed LockBit against at least 12 victims, which included businesses in New Jersey, Michigan, the United Kingdom, and Switzerland, causing damages and losses amounting to at least $500,000. In November 2022, Vasiliev was charged for his involvement in the LockBit campaign. The complaint filed in the District of New Jersey implicated him and other members of the LockBit conspiracy, including Astamirov, Sungatov, Kondratyev, and Matveev. LockBit's "affiliate" members, including Vasiliev and Astamirov, were known to identify and unlawfully access vulnerable computer systems, subsequently deploying the LockBit ransomware on these systems to both steal and encrypt stored data. Vasiliev was arrested by Canadian authorities in November 2022 and extradited to the United States in June 2023. In July, he, along with Astamirov, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. Following his extradition, Vasiliev has been sentenced to four years in federal prison. His arrest and subsequent conviction mark significant progress in the ongoing battle against global cyber threats.

Description last updated: 2024-10-17T12:33:32.126Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Ghostrider is a possible alias for Vasiliev. Ghostrider, also known as a threat actor, is an online alias used by Vasiliev, who has been associated with multiple cyberattacks between 2021 and 2023. Other aliases utilized by Vasiliev include "Free," "Digitalocean90," "Digitalocean99," "Digitalwaters99," and "Newwave110." The primary tool of dis	3
Newwave110 is a possible alias for Vasiliev.	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Fraud

Encrypt

Fbi

Extortion

Ransom

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with Vasiliev. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	7

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Mikhail Pavlovich Matveev Threat Actor is associated with Vasiliev. Mikhail Pavlovich Matveev, a Russian national also known by online monikers Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been identified as a major threat actor in the world of cybersecurity. Matveev is among five Russians charged in connection with Lockbit, a group widely recognized as one of	Unspecified	2
The Artur Sungatov Threat Actor is associated with Vasiliev. In February 2024, the U.S. Justice Department unsealed an indictment in the District of New Jersey against Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, for their involvement with the LockBit ransomware group. This notorious cybercriminal organization has been acti	Unspecified	2
The Ivan Kondratyev Threat Actor is associated with Vasiliev. Ivan Kondratyev, also known as Bassterlord, is a recognized threat actor associated with the notorious LockBit ransomware group. The Russian national has been linked to malicious cyber activities targeting numerous businesses and industries across the United States and globally. Operating alongside	Unspecified	2
The Wazawaka Threat Actor is associated with Vasiliev. Wazawaka, identified by the FBI as Mikhail Matveev, is a significant threat actor in the cybercrime landscape. Known for his affiliations with multiple ransomware groups, including LockBit, throughout 2020 and 2021, he became a central figure in the Babuk ransomware-as-a-service gang. Matveev's oper	Unspecified	2
The Bassterlord Threat Actor is associated with Vasiliev. Bassterlord, a known threat actor and affiliate of the LockBit group, has been associated with multiple malicious cyber activities since August 2021. Operating under the alias "Bassterlord," Ivan Kondratyev allegedly deployed LockBit ransomware against private and municipal entities in New York, Ore	Unspecified	2

Source Document References

Information about the Vasiliev Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 months ago	Police arrested four new individuals linked to the LockBit ransomware operation
Securityaffairs	3 months ago	Lockbit gang claims the attack on the Toronto District School Board
CERT-EU	9 months ago	US charges two Russian nationals in LockBit ransomware case amid global crackdown
Flashpoint	4 months ago	COURT DOC: Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
DARKReading	4 months ago	Two Foreign Nationals Plead Guilty to Participating in LockBit Ransomware Group
InfoSecurity-magazine	4 months ago	Two Russians Convicted for Role in LockBit Attacks
Securityaffairs	4 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group
Securityaffairs	4 months ago	Russian nationals plead guilty to participating in the LockBit ransomware group
Flashpoint	7 months ago	COURT DOC: U.S. Charges Russian National with Developing and Operating LockBit Ransomware
Securityaffairs	7 months ago	Law enforcement agencies identified LockBit ransomware admin and sanctioned him
Krebs on Security	7 months ago	U.S. Charges Russian Man as Boss of LockBit Ransomware Group
BankInfoSecurity	7 months ago	LockBitSupp's Identity Revealed: Dmitry Yuryevich Khoroshev
CERT-EU	a year ago	Russian man arrested for alleged involvement with LockBit ransomware gang \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	Ransomware attack exposes sensitive data for nearly 9 million dental patients \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	US indicts two Russian nationals in LockBit ransomware case \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	9 months ago	Police arrest LockBit ransomware members, release decryptor in global crackdown
Flashpoint	a year ago	COURT DOC: Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses
Flashpoint	9 months ago	COURT DOC: U.S. and U.K. Disrupt LockBit Ransomware Variant
CERT-EU	9 months ago	LockBit affiliates arrested in Ukraine, Poland \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Securityaffairs	a year ago	A Russian national charged for committing LockBit Ransomware attacks