Pierluigi Paganini
July 20, 2024
Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S.. The group targeted individuals, businesses, hospitals, schools, and government agencies. The group extracted approximately $500 million in ransom payments, causing billions in broader losses.
“LockBit’s “affiliate” members, including Vasiliev and Astamirov, would first identity and unlawfully access vulnerable computer systems. They would then deploy LockBit ransomware on victim computer systems and both steal and encrypt stored data. After a successful LockBit attack, LockBit’s affiliate members would then demand a ransom from their victims in exchange for decrypting the victims’ data and deleting stolen data.” reads the press release published by DoJ. “When victims did not pay the demanded ransoms, LockBit’s affiliates would then leave the victim’s data permanently encrypted and publish the stolen data, including highly sensitive information, on a publicly accessible Internet site under LockBit’s control.
Between 2020 and 2023, the duo targeted organizations worldwide. Astamirov, using aliases like “BETTERPAY,” extorted $1.9 million from 12 victims and agreed to forfeit $350,000 in seized cryptocurrency. Vasiliev, using aliases such as “Ghostrider,” caused $500,000 in damages to 12 victims, including schools and businesses. Both pleaded guilty to multiple charges, with Astamirov facing up to 25 years in prison and Vasiliev up to 45 years. Sentencing dates are yet to be set.
“Astamirov pleaded guilty to a two-count information charging him with conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud. He faces a maximum penalty of 25 years in prison. Vasiliev pleaded guilty to a four-count information charging him with conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud. He faces a maximum penalty of 45 years in prison. A sentencing date has not yet been set.” concludes the press release.
In May 2024, the FBI, UK National Crime Agency, and Europol unmasked the identity of the admin of the LockBit ransomware operation, aka ‘LockBitSupp’ and ‘putinkrab’ , and issued sanctions against him. It was the first time that the admin of the notorious group was identified by law enforcement.
The man is a Russian national named Dmitry Yuryevich Khoroshev (31) of Voronezh, Russia.
In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev (30), aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged role in multiple ransomware attacks.
The DoJ unsealed two indictments charging the man with using three different ransomware families in attacks aimed at numerous victims throughout the United States. The attacks hit law enforcement agencies in Washington, D.C. and New Jersey, as well as organizations in the healthcare and other sectors nationwide.
On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. On April 26, 2021, Matveev and his Babuk coconspirators hit the Metropolitan Police Department in Washington, D.C.
The Russian citizen was charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, the man could face a sentence of over 20 years in prison.
The man is suspected to be living in Russia and is operating from that country. Clearly, due to the ongoing geopolitical crisis, it’s unlikely that Russia will capture the man to extradite him to the United States.
The US government also charged in the past other LockBit members, including Artur Sungatov and Ivan Kondratyev (Bassterlord).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
