Two Russian nationals have pleaded guilty to their roles in ransomware attacks in the United States, Asia, Europe and Africa for a notorious hacking gang known as LockBit.
Ruslan Magomedovich Astamirov and Mikhail Vasiliev admitted to helping deploy the ransomware variant, which first emerged in 2020. It quickly became one of the most destructive in the world, leading to attacks on more than 2,500 victims and ransom payments of at least $500 million, according to the Justice Department.
The men pleaded guilty Thursday in federal court in Newark, New Jersey, where six people were charged in connection with LockBit attacks, including Dmitri Yuryevich Khoroshev, presented by the United States as the creator, developer and administrator of the group. US authorities are offering a reward of up to $10 million for his arrest.
Astamirov, 21, of the Chechen Republic, and Vasiliev, 34, of Bradford, Ont., pleaded guilty to charges including conspiracy to commit computer fraud and abuse.
LockBit is the name of a variant of ransomware, a type of malicious code that locks computers before hackers demand a ransom to unlock them. Hacking gangs are often known by the name of their ransomware variant. LockBit has successfully deployed a ransomware-as-a-service model, in which “affiliates” rent the malicious code and perform the actual hacking, in exchange for paying the gang leaders a portion of their illegal proceeds. Astamirov and Vasiliev were affiliates, according to the Justice Department.
In recent years, the United States and its allies have aggressively tried to curb ransomware attacks by sanctioning hackers or entities associated with them or disrupting the online infrastructure of cybercriminal gangs. But many hackers are based in countries like Russia, which provide them with a safe haven, making them difficult for Western law enforcement to arrest.
In February, U.S. and British authorities announced they had disrupted LockBit’s operations, arrested suspected members, seized servers and cryptocurrency accounts, and recovered decryption keys to unlock the hacked data.
“We have dealt significant blows to destructive ransomware groups like LockBit, as we did earlier this year, by taking control of LockBit’s infrastructure and distributing decryption keys to their victims,” Assistant Attorney General Lisa Monaco said in a statement.
Vasiliev used LockBit against at least 12 victims, including a school in the United Kingdom and a school in Switzerland, the United States said. He was arrested by Canadian authorities in November 2022 and extradited to the United States in June.
Astamirov was arrested by the FBI last year. In May 2023, he agreed to an interview with FBI agents in Arizona, where they seized his electronic devices. He initially denied having anything to do with an email account through a Russia-based provider, but agents later found records related to that account on his devices, according to the arrest complaint. The records showed that Astamirov used email to “create multiple online accounts under names that were entirely or nearly identical to his own name,” according to the complaint.
According to the FBI complaint, Astamirov carried out cyberattacks after August 2020 against at least five victims. They included companies in France and West Palm Beach, Florida; a Tokyo company that refused to pay a ransom, leading the group to post stolen data on a “leak site” for extortion victims; a Virginia company that stopped an attack after 24,000 documents were stolen; and a Kenyan company that agreed to pay a ransom after some of its stolen data was posted on LockBit’s website.
Both men are scheduled to go to trial on January 8, 2025.