T

The Ransomware War: Two Foreign Nationals Plead Guilty to LockBit Ransomware Involvement

US DOJ announced new guilty pleads in the LockBit ransomware case
Spread financial intelligence

In one of the largest ransomware cybercrime cases, two Russian nationals have pleaded guilty to participating in the notorious LockBit ransomware group. At its peak, this group was considered the most prolific and destructive ransomware variant globally. This group is known for launching attacks on various entities, including businesses, hospitals, schools, and even government agencies in the United States and internationally.

The Convictions

Ruslan Magomedovich Astamirov, a 21-year-old Russian national from the Chechen Republic, and Mikhail Vasiliev, a 34-year-old dual Canadian and Russian national, have admitted their roles in deploying LockBit ransomware. Between January 2020 and February 2024, LockBit executed more than 2,500 attacks across 120 countries, extorting approximately $500 million from victims and causing billions in additional losses.

Read more about Ransomware here on FinTelegram.

Deputy Attorney General Lisa Monaco highlighted the significance of these convictions, emphasizing the Department of Justice’s commitment to disrupting ransomware activities and holding cybercriminals accountable. The coordinated effort has involved seizing control of LockBit’s infrastructure and distributing decryption keys to victims, striking a severe blow to the ransomware group.

The Modus Operandi

Astamirov and Vasiliev, operating under various online aliases such as “BETTERPAY” and “Ghostrider,” identified vulnerable computer systems, deployed LockBit ransomware, and extorted victims. Once they successfully encrypted data, they demanded ransom payments in exchange for decryption and the promise to delete stolen data. Failure to pay often resulted in permanent data encryption and public exposure of sensitive information.

Astamirov was responsible for attacks on businesses in countries including the United States, Japan, and France, extorting $1.9 million from his victims. Vasiliev’s operations targeted entities in New Jersey, Michigan, the United Kingdom, and Switzerland, among others, causing at least $500,000 in damage. Both were ultimately apprehended and are now facing significant prison sentences—up to 25 years for Astamirov and up to 45 years for Vasiliev.

Broader Implications and Future Actions

The disruption of LockBit follows prior actions against key members of the group, including its alleged creator and administrator, Dmitry Yuryevich Khoroshev. Khoroshev, who allegedly earned at least $100 million through ransomware activities, is currently one of the most wanted cybercriminals, with a reward of up to $10 million for information leading to his capture.

Additionally, other LockBit members, such as Artur Sungatov and Ivan Kondratyev, face charges for deploying ransomware against various industries, while Mikhail Matveev is wanted for attacks on entities, including the Washington, D.C., Metropolitan Police Department.

The U.S. Department of State’s Transnational Organized Crime Rewards Program continues to offer substantial rewards for information leading to the identification and arrest of key LockBit figures.

As the fight against ransomware continues, these convictions represent a crucial step in the global effort to combat cybercrime, protect victims, and bring perpetrators to justice. The international community remains vigilant and committed to dismantling cybercriminal networks and ensuring they face the consequences of their actions.

Leave a Reply

Your email address will not be published. Required fields are marked *