LockBit Ransomware Attacks

Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world.

The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario.

Astamirov was arrested in Arizona by U.S. law enforcement agencies in May 2023. Vasiliev, who is already wanted for similar charges in Canada, was sentenced to nearly four years in jail. He was subsequently extradited to the U.S. last month.

The development comes more than two months after the U.K. National Crime Agency (NCA) unmasked a 31-year-old Russian national named Dmitry Yuryevich Khoroshev as the administrator and developer of the LockBit ransomware operation.

Cybersecurity

LockBit, which is estimated to have attacked over 2,500 entities since its appearance towards the end of 2019, raking in at least approximately $500 million in ransom payments from their victims.

Earlier this year, the e-crime syndicate suffered a massive blow after its online infrastructure was taken down as part of a coordinated law enforcement operation dubbed Cronos. The group, however, continues to remain active.

Vasiliev and Astamirov "would first identify and unlawfully access vulnerable computer systems," the U.S. Justice Department said. "They would then deploy LockBit ransomware on victim computer systems and both steal and encrypt stored data."

"After a successful LockBit attack, LockBit's affiliate members would then demand a ransom from their victims in exchange for decrypting the victims' data and deleting stolen data."

Astamirov (aka BETTERPAY, offtitan, and Eastfarmer) is said to have deployed LockBit against at least 12 victims between 2020 and 2023, receiving $1.9 million in ransom payments from victims located in the U.S. state of Virginia, Japan, France, Scotland, and Kenya.

He has pleaded guilty to conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud. The two-count charges carry a maximum penalty of 25 years in prison.

Similarly, Vasiliev – operating under the aliases Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, Newwave110 – deployed the ransomware against 12 businesses in the U.S. states of New Jersey and Michigan, as well as the U.K. and Switzerland.

Cybersecurity

Vasiliev faces up to 45 years in prison for charges related to conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud.

Both the defendants are due to be sentenced on January 8, 2025. Khoroshev was charged on 26 counts earlier this May for spearheading the LockBit operation, although he remains at large.

"It's a common misconception that cyber hackers won't get caught by law enforcement because they're smarter and savvier than we are," James E. Dennehy, FBI special agent in charge of the Newark Field Office, said.

"Two members of the LockBit affiliate pleading guilty to their crimes in U.S. federal court illustrate we can stop them and bring them to justice. These malicious actors believe they can operate with impunity – and don't fear getting caught because they sit in a country where they feel safe and protected."


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.