The U.S. Department of Justice (DoJ) on Thursday announced indictments against Russians for alleged involvement in deploying the LockBit ransomware to targets in the U.S., Asia, Europe and Africa.
Ruslan Magomedovich Astamirov, 20, of the Chechen Republic, was arrested in Arizona last month after being accused of conducting at least five attacks between August 2020 and March 2023.
“Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud, intentionally damage protected computers, and demand ransoms through the use and deployment of ransomware,” the Justice Department said.
Astamirov maintained various email addresses, IP addresses, and other online accounts to deploy ransomware and communicate with victims as part of his LockBit-related activities.
Law enforcement said they were able to trace part of the ransom paid by an anonymous victim to a cryptocurrency address operated by Astamirov.
If convicted, the defendant faces up to 20 years in prison for the first offense and five years in prison for the second offense.
Astamirov is the third person to be charged in the United States in connection with LockBit, joining Mikhail Vasiliev, who is currently awaiting extradition to the United States, and Mikhail Pavlovich Matveev, who was indicted last month for his participation in the LockBit, Babuk and Hive ransomware operations. Matveev is still at large.
Matveev, who is self-taught, has also acknowledged his role as an affiliate of the now-defunct Hive operation and professed his desire to “take Russian IT to the next level.”
The DOJ statement also comes a day after cybersecurity authorities from Australia, Canada, France, Germany, New Zealand, the UK and the US issued a joint advisory warning on the LockBit ransomware.
LockBit operates under a Ransomware-as-a-Service (RaaS) model, in which affiliates are recruited to carry out attacks on corporate networks on behalf of the core team in exchange for a portion of the illicit revenue.
The affiliates are known to use a double extortion scheme: they first encrypt the victim’s data and then steal it, threatening to post the stolen data on a leak site in order to pressure the target into paying a ransom.
The group is estimated to have launched nearly 1,700 attacks since its emergence in late 2019. Because its dark web leak site only names victims who refused to pay the ransom and publishes their leaked data, the true number of attacks is believed to be higher.