Two Russian nationals have pleaded guilty to their roles in ransomware attacks in the United States, Asia, Europe and Africa on behalf of the notorious hacking gang known as LockBit.
Ruslan Magomedovich Astamirov And Mikhail Vasiliev They admitted to helping spread the ransomware variant, which first appeared in 2020. It quickly became one of the world’s most destructive viruses, leading to attacks against more than 2,500 victims and paying ransoms of at least $500 million, according to the Justice Department.
The men pleaded guilty Thursday in federal court in Newark, New Jersey, where six people were charged in connection with the LockBit attacks, including Dmitry Yuryevich KhoroshevThe United States described him as the group’s creator, developer and administrator, and offered a reward of up to $10 million for information leading to his capture.
Astamirov, 21, of Chechnya, and Vasiliev, 34, of Bradford, Ontario, pleaded guilty to charges including conspiracy to commit fraud and computer misuse.
LockBit is the name of a form of ransomware, a type of malicious code that locks computers before hackers demand a ransom to unlock them. Hacking gangs are often known by the type of ransomware they use. LockBit has successfully deployed a ransomware-as-a-service model, in which “partners” rent the malicious code and do the actual hacking, in exchange for paying the ringleaders a percentage of their illicit proceeds. According to the Justice Department, Astamirov and Vasiliev were partners.
In recent years, the United States and its allies have aggressively tried to curb ransomware attacks by imposing sanctions on hackers or entities linked to them or disrupting the online infrastructure of cybercrime gangs. But many hackers are based in places like Russia, which provides them with safe havens, making it difficult for Western law enforcement to arrest them.
In February, US and UK authorities announced that they had disrupted LockBit’s operations, arrested alleged members, seized cryptocurrency servers and accounts, and recovered decryption keys to unlock the compromised data.
“We have dealt significant blows to destructive ransomware groups like LockBit, as we did earlier this year when we seized control of LockBit’s infrastructure and distributed decryption keys to their victims,” Deputy Attorney General Lisa Monaco said in a statement.
The US said Vasilyev used LockBit against at least 12 victims, including an education facility in the UK and a school in Switzerland. He was arrested by Canadian authorities in November 2022 and extradited to the US in June.
Astamirov was arrested by the FBI last year. In May 2023, he agreed to an interview with FBI agents in Arizona, where they seized his electronic devices. He initially denied having anything to do with an email account through a Russia-based provider, but agents later found records related to it on his devices, according to the arrest complaint. The records showed that Astamirov used the email “to create multiple online accounts under names that were identical or nearly identical to his own,” the complaint said.
After August 2020, Astamirov carried out cyberattacks on at least five victims, according to the FBI complaint. Those attacks included: companies in France and West Palm Beach, Florida; a Tokyo company that refused to pay a ransom, prompting the group to post stolen data on a “leak site” for extortion victims; a Virginia company that stopped an attack after 24,000 documents were stolen; and a Kenyan company that agreed to pay a ransom after some of its stolen data was posted on LockBit.
They are scheduled to be sentenced on January 8, 2025.
CEO Daily provides essential context to the news leaders need to know from across the business world. Every weekday morning, more than 125,000 readers trust CEO Daily for insights on and from top executives. Subscribe now.
