Two Russian Men Plead Guilty in LockBit Ransomware Attacks

July 22, 2024

Two Russian nationals pleaded guilty to their roles in ransomware attacks in the US, Asia, Europe and Africa for a notorious hacking gang known as LockBit.

Ruslan Astamirov and Mikhail Vasiliev admitted they helped to deploy the ransomware variant, which first appeared in 2020. It soon became one of the most destructive in the world, leading to attacks against more than 2,500 victims and ransom payments of at least $500 million, according to the Justice Department.

The men pleaded guilty Thursday in federal court in Newark, New Jersey, where six people have been charged over LockBit attacks, including Dimitry Khoroshev, described by the US as the group’s creator, developer and administrator. US authorities are offering a reward of up to $10 million for information leading to his arrest.

Astamirov, 21, of the Chechen Republic, and Vasiliev, 34, of Bradford, Ontario, pleaded guilty to charges including conspiracy to commit computer fraud and abuse.

LockBit is the name of a ransomware variant, a type of malicious code that locks up computers before hackers demand a ransom to unlock them. Hacking gangs are often known by the name of their ransomware variant. LockBit successfully deployed a ransomware-as-a-service model, in which “affiliates” lease the malicious code and do the actual hacking, in exchange for paying the gang’s leaders a cut of their illegal proceeds. Astamirov and Vasiliev were affiliates, according to the Justice Department.

In recent years, the US and its allies have tried to curb ransomware attacks by sanctioning hackers or entities associated with them or disrupting the online infrastructure of cybercriminal gangs. But many hackers are in places such as Russia, which give them safe haven, making it hard for Western law enforcement to arrest them.

In February, US and UK authorities announced they disrupted LockBit operations, arresting alleged members, seizing servers and cryptocurrency accounts, and recovering decryption keys to unlock hijacked data. The guilty pleas were a key step in shutting down the group, authorities said.

“We’ve dealt significant blows to destructive ransomware groups like LockBit, as we did earlier this year, seizing control of LockBit infrastructure and distributing decryption keys to their victims,” said Deputy Attorney General Lisa Monaco, in a statement.

Vasiliev deployed LockBit against at least 12 victims, including an educational facility in the UK and a school in Switzerland, the US said. He was arrested by Canadian authorities in November 2022 and extradited to the US in June.

Astamirov was arrested by the FBI last year. In May 2023, he agreed to an interview with FBI agents in Arizona, where they seized his electronic devices. He initially denied having anything to do with an email account through a Russian-based provider, but agents later found records related to it on his devices, according to the arrest complaint. Records showed that Astamirov used the email to “create multiple online accounts under names either fully or nearly identical to his own name,” the complaint said.

After August 2020, Astamirov executed cyberattacks on at least five victims, according to the FBI complaint. They included: businesses in France and West Palm Beach, Florida; a Tokyo firm, which refused to pay a ransom, leading the group to post stolen data on a “leak site” of extortion victims; a Virginia company that stopped an attack after 24,000 documents were stolen; and a Kenyan business that agreed to pay ransom after some of its stolen data was posted to the LockBit website.

Both men are scheduled to be sentenced on Jan. 8. Astamirov faces as many as 25 years in prison, while Vasiliev faces up to 45 years.

Photo: Chris Ratcliffe/Bloomberg
