Two Russian citizens have admitted to launching ransomware attacks in the United States, Asia, Europe and Africa for the notorious hacker group LockBit.
Ruslan Magomedovich Astamirov and Mikhail Vasilyev admitted that they helped deploy the ransomware variant, which first appeared in 2020.
The men pleaded guilty Thursday in federal court in Newark, New Jersey, where six people were charged in connection with the LockBit attacks, including the group’s creator, developer and administrator, who the United States said was Dimitry Yuryevich Khoroshev. U.S. authorities are offering a reward of up to $10 million for his arrest.
Astamirov, 21, of the Chechen Republic, and Vasilyev, 34, of Bradford, Ont., pleaded guilty to charges including conspiracy to commit computer fraud and abuse.
LockBit is the name of a variant of ransomware, which is malicious code that locks a computer before hackers demand a ransom to unlock it. Hacking groups are often known by the names of their ransomware variants. LockBit successfully deployed a ransomware-as-a-service model in which “affiliates” rented the malware code and carried out the actual hacking attacks in exchange for paying the group’s leaders a share of the illicit proceeds. According to the Justice Department, Astamirov and Vasilyev were affiliates.
In recent years, the United States and its allies have actively tried to curb ransomware attacks by sanctioning hackers or entities associated with them or disrupting the online infrastructure of cybercriminal groups. But many hackers are located in places like Russia, which provides them with safe havens and makes it difficult for Western law enforcement to arrest them.
In February, U.S. and British authorities announced they had disrupted LockBit’s operations, arrested suspected members, seized servers and cryptocurrency accounts, and recovered decryption keys to unlock hijacked data.
“As we did earlier this year, we have conducted significant strikes against destructive ransomware groups such as LockBit, seizing LockBit’s assets, taking control of the infrastructure and distributing decryption keys to victims,” Deputy Attorney General Lisa Monaco said in a statement.
The United States said Vasilyev deployed LockBit against at least 12 victims, including an educational institution in the United Kingdom and a school in Switzerland. He was arrested by Canadian authorities in November 2022 and extradited to the United States in June.
Astamirov was arrested by the FBI last year. In May 2023, he agreed to be interviewed by FBI agents in Arizona and had his electronic devices confiscated. He initially denied having anything to do with an email account at a Russian provider, but agents later discovered records related to it on his device, according to the arrest complaint. Records show Astamirov used the email to “create multiple online accounts under names that were exactly or nearly identical to his own,” according to the indictment.
According to the FBI complaint, Astamirov carried out cyber attacks on at least five victims after August 2020. These include: businesses in France and West Palm Beach, Florida; a company in Tokyo that refused to pay the ransom, leading the group to post stolen material on a “leak site” for extortion victims; a company in Virginia, where the attack was stopped after 24,000 documents were stolen; and a Kenyan business that agreed to pay the ransom after some of its stolen data was posted to the LockBit website.
Both men are scheduled to be sentenced on January 8, 2025.