Two Russian citizens plead guilty in LockBit ransomware attacks

July 19, 2024Press releaseRansomware/Cybercrime

Two Russian citizens have pleaded guilty in a US court to being partners in the LockBit ransomware program and facilitating ransomware attacks around the world.

The defendants include 21-year-old Ruslan Magomedovich Astamirov from the Chechen Republic and 34-year-old Mikhail Vasiliev from Bradford, Ontario, who holds both Canadian and Russian citizenship.

Astamirov was arrested by U.S. law enforcement in Arizona in May 2023. Vasiliev, who is already wanted in Canada on similar charges, was sentenced to nearly four years in prison and was extradited to the United States last month.

This development comes more than two months after the UK’s National Crime Agency (NCA) identified a 31-year-old Russian national named Dmitry Yuryevich Khoroshev as the administrator and developer of the LockBit ransomware operation.

Since its emergence in late 2019, LockBit is estimated to have attacked over 2,500 companies and extorted at least $500 million in ransom payments from its victims.

Earlier this year, the e-crime syndicate suffered a major blow after its online infrastructure was brought down as part of a coordinated law enforcement operation known as Cronos, but the group remains active.

Vasiliev and Astamirov would first identify vulnerable computer systems and gain unauthorized access, the US Department of Justice said. “They would then install the LockBit ransomware on the victims’ computer systems and steal and encrypt the stored data.”

“After a successful LockBit attack, LockBit affiliated members demanded a ransom from their victims in exchange for decrypting the victims’ data and deleting the stolen data.”

Astamirov (aka BETTERPAY, Offtitan and Eastfarmer) is said to have used LockBit against at least 12 victims between 2020 and 2023 and received $1.9 million in ransom payments from victims in the US state of Virginia, Japan, France, Scotland and Kenya.

He pleaded guilty to conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud. Both counts carry a maximum sentence of 25 years in prison.

Similarly, Vasiliev – who operated under the aliases Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99 and Newwave110 – used the ransomware against 12 companies in the US states of New Jersey and Michigan, as well as in the UK and Switzerland.

Vasiliev faces up to 45 years in prison on charges including conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, communicating a threat related to damage to a protected computer, and conspiracy to commit wire fraud.

Sentencing for both defendants is scheduled for January 8, 2025. Khoroshev was indicted in early May on 26 counts for leading the LockBit operation, but he remains at large.

“It’s a common misconception that cyber hackers don’t get caught by police because they’re smarter and more sophisticated than we are,” said James E. Dennehy, FBI special agent in charge of the Newark field office.

“Two members of the LockBit subsidiary have pleaded guilty to their crimes in U.S. federal court, showing that we can stop them and bring them to justice. These malicious actors believe they can act with impunity – and are not afraid of getting caught because they are based in a country where they feel safe and secure.”