Unmasking the Russian national involved in Lockbit ransomware attacks

An announcement by the Justice Department of the United States of America revealed charges against a Russian national implicated in the deployment of numerous LockBit ransomware attacks and other cybercrimes targeting computer systems in the United States, Asia, Europe, and Africa.

The complaint in Newark federal court, charges Ruslan Magomedovich Astamirov, a 20-year-old individual from the Chechen Republic, Russia. Astamirov stands accused of conspiring to commit wire fraud, intentionally damaging protected computers, and transmitting ransom demands. He was apprehended in Arizona and is scheduled for his initial court appearance in the District of Arizona.

U.S. Attorney Sellinger stated, "Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended. The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity. We will continue to work tirelessly with all our law enforcement partners to identify ransomware perpetrators and bring them to justice."

Deputy Attorney General Lisa O. Monaco added, "This LockBit-related arrest, the second in six months, underscores the Justice Department's unwavering commitment to hold ransomware actors accountable. In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide."

FBI Newark Special Agent in Charge James E. Dennehy commented, "These cybercriminals hide in a virtual world but cause very real harm when they seize control of computer systems, putting companies and customers in an unimaginable bind. Either pay the ransoms or lose control of your entire information technology infrastructure. It is too high a price for anyone to be forced to pay. Astamirov's arrest, along with the others charged in this case, is a simple but devastating illustration of how we are following through on our promise - we are bringing these hackers to justice."

Court documents:

IIIII - The LockBit ransomware variant emerged in January 2020. LockBit actors have launched over 1,400 attacks against victims worldwide, with ransom demands exceeding $100 million. Tens of millions of dollars have been received as actual ransom payments, primarily in bitcoin.

To facilitate his LockBit-related activities, Astamirov owned, controlled, and utilized various email addresses, Internet Protocol (IP) addresses, and other online provider accounts, enabling him and his co-conspirators to deploy LockBit ransomware and communicate with their victims. Law enforcement managed to trace a portion of a victim's ransom payment to a virtual currency address controlled by Astamirov in at least one instance.- IIII

This announcement follows LockBit-related charges in two other cases from the District of New Jersey. In November 2022, criminal charges were filed against Mikhail Vasiliev, a Canadian national currently in custody in Canada awaiting extradition to the United States. In May 2023, an indictment was issued against Mikhail Pavlovich Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged involvement in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware variants against victims in the United States and abroad.

The charge of conspiring to intentionally damage protected computers and transmit ransom demands carries a maximum prison sentence of five years. The charge of conspiring to commit wire fraud is punishable by up to 20 years in prison. Both charges also carry a maximum fine of $250,000 or twice the gain or loss from the offense, whichever is greater.