June 16, 2023 | Ravi Lakshmanan | Ransomware/Cybercrime

The U.S. Department of Justice (DoJ) on Thursday announced indictments against Russians for alleged involvement in deploying the LockBit ransomware to targets in the U.S., Asia, Europe and Africa.

Ruslan Magomedovich Astamirov, 20, of the Chechen Republic, was arrested in Arizona last month after being accused of conducting at least five attacks between August 2020 and March 2023.

“Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud, intentionally damage protected computers, and demand ransoms through the use and deployment of ransomware,” the Justice Department said.

Astamirov maintained various email addresses, IP addresses, and other online accounts to deploy ransomware and communicate with victims as part of his LockBit-related activities.


Law enforcement said they were able to trace part of the ransom paid by an anonymous victim to a cryptocurrency address operated by Astamirov.

If convicted, the defendant faces up to 20 years in prison for the first offense and five years in prison for the second offense.

Astamirov is the third person to be indicted in the United States in connection with LockBit, joining Mikhail Vasiliev, who is currently awaiting extradition to the United States, and Mikhail Pavlovich Matveev, who was indicted last month for his participation in the LockBit, Babuk and Hive ransomware. Matveev is still at large.

In a recent interview, Matveev told The Record that he was not surprised by the FBI’s decision to include his name in its Cyber Most Wanted list and that “the news about me will soon be forgotten.”

Self-taught, Matveev also acknowledged his role as an affiliate of the now-defunct Hive business and professed his desire to “take Russian IT to the next level.”


The DoJ statement also comes a day after cybersecurity authorities from Australia, Canada, France, Germany, New Zealand, the UK and the US issued a joint advisory warning about the LockBit ransomware.

LockBit works under a Ransomware as a Service (RaaS) model. In this model, affiliates are recruited to carry out attacks on corporate networks on behalf of the core team in exchange for a portion of their illicit revenue.

Affiliates are known to use a double extortion scheme, first encrypting the victim’s data and then stealing it while threatening to post the stolen data to the leak site in order to pressure the target into paying a ransom.

The group is estimated to have launched nearly 1,700 attacks since its emergence in late 2019, but because its dark web data leak site only reveals the names and leaked data of victims who refused to pay the ransom, the exact number is believed to be higher.
