
LockBit Ransomware Takedown: Russian National Apprehended for Cybercrime Spree

June 15, 2023

The US Justice Department has officially pressed charges against another Russian individual, who stands accused of playing a role in deploying the notorious LockBit ransomware attacks and perpetrating various cybercrimes targeting computer systems across the United States, Asia, Europe, and Africa. 

This latest legal action highlights the ongoing efforts to hold accountable those responsible for unleashing cyber threats that have wreaked havoc against individuals and private sectors, underscoring the urgent need for stronger cybersecurity measures.


The Scope of LockBit Ransomware Operation

Since its inception in January 2020, the LockBit ransomware has operated on the Ransomware-as-a-Service (RaaS) model. LockBit attacks have targeted organizations across the United States, Europe, Africa, and Asia. The FBI estimates that approximately 1,700 attacks were perpetrated in the US alone, with victims paying ransoms amounting to an estimated $91 million.

According to the complaint, law enforcement authorities have uncovered evidence indicating that a Russian national named Ruslan Magomedovich Astamirov used a variety of email addresses to launch the LockBit ransomware attacks. They have also determined that he controlled an IP address associated with attacks on no fewer than four victims.

Further investigations have linked that IP address to a secondary email address used by Astamirov. He was also found to have received approximately 80% of a ransom payment worth around $700,000 in cryptocurrency from a fifth victim of the LockBit ransomware. This transaction underscores Astamirov's active involvement in the negotiation, which likely involved additional co-conspirators.



Allegations Against Magomedovich Astamirov

Court documents have revealed a significant breakthrough in the investigation, indicating that authorities successfully traced a victim’s payment to a cryptocurrency address under the control of Astamirov. The details, outlined in an FBI complaint (PDF), shed light on the Russian national’s involvement with the LockBit ransomware gang dating back to August 2020. He appears to have executed a minimum of five cyberattacks targeting systems of unsuspecting victims based in the United States.

Moreover, the complaint divulges an intriguing development that took place in May 2023. During a voluntary interview with the FBI, Astamirov initially provided false information regarding his association with one of the email addresses employed in the LockBit ransomware attacks. However, he later confessed to utilizing the same email account on at least three distinct devices, exposing his misleading statements. In a decisive move, law enforcement seized several of Astamirov’s personal devices, including an iPhone, an iPad, a MacBook Pro, and a USB drive. These items are expected to yield crucial evidence in the ongoing investigation. 

US Attorney Philip R. Sellinger for the District of New Jersey stated that Astamirov is the third defendant charged by their office in the LockBit global ransomware campaign and the second defendant to have been apprehended. He emphasized that the LockBit conspirators and other ransomware perpetrators cannot seek refuge in the perceived online anonymity. He also assured that they would persistently collaborate with their law enforcement partners to identify ransomware perpetrators and ensure they face legal consequences.


Charges and Potential Penalties

Astamirov currently faces several allegations, including conspiracy to commit wire fraud, which carries a possible 20-year jail sentence. A second accusation against him is conspiracy to send ransom demands and harm computers, which carries a maximum five-year prison sentence. A maximum fine of $250,000 or twice the gain or loss from the offense, whichever is higher, may also be imposed for each count.

FBI Deputy Director Paul Abbate expressed the agency’s dedication to pursuing ransomware actors such as the Russian national arrested, who have taken advantage of vulnerable cyber ecosystems and caused harm to unsuspecting victims. Abbate emphasized the collaborative efforts with federal and international partners to permanently dismantle ransomware campaigns that deliberately target individuals and private sector partners. He further affirmed the commitment to utilize every available resource to prevent such malicious criminal activities.

The recent announcement adds to the growing list of LockBit-related charges. Mikhail Vasiliev, a dual citizen of Canada and Russia, was charged by the Department in November 2022. He is now being held in Canada while awaiting extradition to the US. In May 2023, the Department revealed the indictment of Mikhail Pavlovich Matveev, also known by his aliases Wazawaka, m1x, Boriselcin, and Uhodiransomwar. Matveev is accused of involvement in separate conspiracies to deploy the LockBit, Babuk, and Hive ransomware variants against victims in both the United States and abroad.

These developments highlight the ongoing efforts to combat cybercrime on a global scale.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.
