Two Russian nationals have admitted guilt in a U.S. court for their roles as affiliates in the LockBit ransomware operation, aiding in cyberattacks globally.
The defendants, Ruslan Magomedovich Astamirov, 21, of the Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian citizen from Bradford, Ontario, have both been implicated.
Astamirov was apprehended in Arizona by U.S. law enforcement in May 2023. Vasiliev, already wanted for related charges in Canada, received a nearly four-year prison sentence and was extradited to the U.S. last month.
This development follows the U.K. National Crime Agency (NCA) revealing Dmitry Yuryevich Khoroshev, a 31-year-old Russian, as the LockBit ransomware operation’s administrator and developer over two months ago.
LockBit is estimated to have attacked over 2,500 organizations since emerging in late 2019, extracting around $500 million in ransom payments from its victims.
Earlier this year, the e-crime syndicate suffered a significant setback when its online infrastructure was dismantled in a coordinated law enforcement operation named Cronos. Despite this, the group remains active.
According to the U.S. Justice Department, Vasiliev and Astamirov would identify and illegally access vulnerable computer systems, deploy LockBit ransomware, and then steal and encrypt data stored on these systems.
“After a successful LockBit attack, LockBit’s affiliate members would demand a ransom from their victims in exchange for decrypting the data and deleting the stolen information,” the department stated.
Astamirov, known by aliases such as BETTERPAY, offtitan, and Eastfarmer, deployed LockBit against at least 12 victims between 2020 and 2023, amassing $1.9 million in ransom payments from victims in Virginia, Japan, France, Scotland, and Kenya.
He has pleaded guilty to conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud. These two charges carry a maximum penalty of 25 years in prison.
Similarly, Vasiliev, operating under aliases such as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, deployed the ransomware against 12 businesses in New Jersey and Michigan, as well as the U.K. and Switzerland.
Vasiliev faces up to 45 years in prison on charges related to conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat concerning damaging a protected computer, and conspiracy to commit wire fraud.
Both defendants are scheduled for sentencing on January 8, 2025. Khoroshev was charged with 26 counts earlier this May for leading the LockBit operation, although he remains at large.
“It’s a common misconception that cyber hackers won’t get caught by law enforcement because they’re smarter and savvier than we are,” said James E. Dennehy, FBI special agent in charge of the Newark Field Office.
“Two members of the LockBit affiliate pleading guilty to their crimes in U.S. federal court illustrate we can stop them and bring them to justice. These malicious actors believe they can operate with impunity – and don’t fear getting caught because they sit in a country where they feel safe and protected.”