Individual Arrested in Arizona Linked to Russian LockBit Ransomware Operations
A Russian national, Ruslan Magomedovich Astamirov, aged 20 and from the Chechen Republic, has been charged by the U.S. Department of Justice (DoJ). The charges stem from his alleged role in deploying the LockBit ransomware against targets in the U.S., Asia, Europe, and Africa. Astamirov is believed to have carried out at least five attacks between August 2020 and March 2023. His arrest took place in Arizona last month.
The DoJ issued a statement as follows:
Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware.
Astamirov managed numerous email addresses, IP addresses, and other online accounts as part of his work with LockBit. These were used to set up communication channels with the intended victims and deliver the ransomware.
A portion of the ransom payments made by an unnamed victim to a virtual currency address used by Astamirov’s enterprise was successfully traced by law enforcement officials.
If found guilty, the defendant faces a maximum of 20 years in prison on the first charge and up to five years on the second.
Astamirov joins the list of individuals prosecuted in the United States for their involvement with LockBit, alongside Mikhail Vasiliev, who awaits extradition, and Mikhail Pavlovich Matveev, who was recently indicted. Matveev, however, remains at large and is wanted for his participation in LockBit, Babuk, and Hive ransomware activities.
Matveev, who claims to be self-taught, openly admitted to his affiliation with the now-defunct Hive operation and expressed his aspirations to elevate the IT industry in Russia to new heights.
A joint advisory from cybersecurity officials in Australia, Canada, France, Germany, New Zealand, the United Kingdom, and the United States was released at the same time as the U.S. Department of Justice's announcement. The advisory describes the risks associated with LockBit malware.
Operating under a ransomware-as-a-service (RaaS) business model, LockBit employs affiliates to carry out attacks on corporate networks on behalf of a core team. As compensation, these affiliates receive a portion of the illegal revenues.
Affiliates frequently encrypt victims' data and then exfiltrate it as part of a double extortion approach. The victims are then coerced into paying the ransom by the threat that the stolen data will be published on leak sites.
Since its emergence in late 2019, the group has reportedly carried out approximately 1,700 attacks. However, the actual number is suspected to be higher due to the nature of the dark web data leak site. This site only discloses information about victims who have chosen not to pay the ransom, thereby concealing the full extent of the group’s activities.