The Hacker News reports that Russian-Canadian national Mikhail Vasiliev has been charged by the U.S. Department of Justice for his alleged involvement in the LockBit ransomware operation.
Charges of conspiracy to intentionally damage protected computers and to transmit ransom demands have been filed against Vasiliev, who could be sentenced to up to five years' imprisonment upon his extradition to the U.S.
Canadian law enforcement, who led the arrest of Vasiliev, discovered that the defendant had a file with suspected past or prospective LockBit victims, as well as screenshots of conversations with LockBitSupp. Vasiliev was also found to have a text file with LockBit ransomware deployment instructions, source code, and the control panel website. He was also found to have received nearly $17,332 in bitcoin from a LockBit victim in February.
"Since first appearing, LockBit has been deployed against at least as many as 1,000 victims in the United States and around the world. LockBit members have made at least $100 million in ransom demands and have extracted tens of millions of dollars in actual ransom payments from their victims," said the Justice Department.