Two LockBit Ransomware Affiliates Plead Guity and Face Up to 70 Years in Prison
The Department of Justice has announced that two foreign nationals have pleaded guilty to charges related to their participation in the LockBit ransomware operation and for using ransomware to attack businesses in the United States and worldwide.
The LockBit ransomware-as-a-service (RaaS) operation emerged in 2020 and rapidly became the most prolific ransomware group worldwide. LockBit ransomware has been used to attack more than 2,500 victims, including 1,800 in the United States, and has generated more than $500 million in ransom payments. In February 2024, an international law enforcement operation (Operation Chronos) seized the infrastructure of the group, including data leak sites, servers, around 14,000 accounts involved with data exfiltration, and around 200 cryptocurrency accounts that were used by the group and its affiliates. The group survived the disruption but has since operated at a reduced capacity.
Ruslan Magomedovich Astamirov, 21, a Russian national of the Chechen Republic in Russia, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario, were both affiliates of the group who conducted ransomware attacks on individuals, small businesses, multinational corporations, hospitals, schools, nonprofits, critical infrastructure, and government and law-enforcement agencies. They identified victims, unlawfully accessed their computer systems, exfiltrated data, then deployed LockBit ransomware and demanded a ransom payment. Payment was required to obtain the decryption keys and have the stolen data deleted. Non-payment meant files remained encrypted and the stolen data was uploaded to the group’s data leaks site, where it could be downloaded by anyone.
Astamirov deployed LockBit ransomware against at least 12 victims around the world, including businesses in Virginia and Florida, and extorted $1.9 million from those victims. Astamirov was arrested and charged in June 2023. Vasiliev also conducted attacks on at least 12 victims, including businesses in New Jersey and Michigan, and caused more than $500,00 in damage and losses. Vasiliev was arrested by Canadian authorities in November 2022 and was extradited to the United States in June 2024.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
On Thursday in federal court in Newark, New Jersey, both men entered guilty pleas for their roles in the Lockbit attacks. Astamirov pleaded guilty to two charges of conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud and now faces a sentence of up to 25 years in prison. His plea agreement includes the forfeiture of assets including $350,000 in cryptocurrency that was extorted from one of his victims.
Vasiliev pleaded guilty to four charges of conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud, and faces up to 45 years in prison. The pair are due to be sentenced in January 2025.
“Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc and pocketing massive ransom payments from their victims, without consequence,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “They were wrong. We, in New Jersey, along with our domestic and international law enforcement partners will do everything in our power to hold LockBit’s members and other cybercriminals accountable, disrupt and dismantle their operations, and put a spotlight on them as wanted criminals—no matter where they hide.”
Following on from Operation Chronos, the leader of the group, Russian national Dmitry Yuryevich Khoroshev aka LockBitSupp, was indicted and charged by the District of New Jersey. Khoroshev is alleged to have been the group’s administrator from as early as September 2019, was involved in recruiting affiliates, and developed and maintained the LockBit infrastructure. The U.S. government has offered a $10 million reward for information that leads to his arrest; however, Khoroshev is believed to live in Russia where he is beyond the reach of U.S. law enforcement. Charges have also been filed against three other LockBit affiliates, Russian nationals Artur Sungatov, Ivan Kondratyev, and Mikhail Matveev.
