The US Justice Department has announced charges against yet another Russian national allegedly involved in deploying the LockBit ransomware. This comes at a time when there is an ongoing crackdown on international cybercriminals responsible for wreaking havoc on organizations across the globe.
Arrest and Charges
Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, Russia, was recently arrested in Arizona and charged with conspiracy to commit wire fraud and conspiracy to damage computers and transmit ransom demands. According to the charges, Astamirov owned, controlled, and used multiple IP addresses, email addresses, and other online accounts to deploy the LockBit ransomware and communicate with victims.
Tracing the Payment
Court documents reveal that authorities were able to trace a victim’s payment to a cryptocurrency address that Astamirov controlled. This helped to incriminate him and link him to the LockBit ransomware attacks.
Involvement with LockBit ransomware gang
According to an FBI complaint, Astamirov has been a member of the LockBit ransomware gang since at least August 2020. He directly executed at least five cyberattacks against victim systems in the US. This shows a clear pattern of behavior that was impacting the livelihoods and operations of different organizations.
During a voluntary interview with the FBI in May 2023, Astamirov lied about his connection with one of the email addresses used in LockBit ransomware attacks. This act of deception further implicated him in cybercrime-related activities.
There is no complete sentence here for me to correct. This phrase seems to be expressing a topic, but it does not provide enough context for me to understand what kind of evidence or accusation is being referred to against Astamirov. If you could provide me with more information, I would be glad to help you express your message more clearly.
Law enforcement obtained evidence that Astamirov used the email address to set up online accounts used in LockBit attacks. He also controlled an IP address used in attacks against at least four victims. Through this clear evidentiary trail, law enforcement was able to build a case against him.
Here is an overview of LockBit Ransomware
The LockBit ransomware has been active since at least January 2020, operating under the Ransomware-as-a-Service (RaaS) model and targeting organizations in the US, Asia, Europe, and Africa. The ransomware encrypts an organization’s data, making it inaccessible, and demands a ransom payment in exchange for the decryption key. The FBI estimates that it has been used in roughly 1,700 attacks in the US, with victims paying approximately $91 million in ransoms.
Other Arrests and Rewards
This recent arrest of Astamirov follows the arrest of Mikhail Vasiliev, another Russian and Canadian national, who was arrested in Canada for his role in LockBit deployments in November 2021. Furthermore, the US has announced a $10 million reward for information leading to the arrest of Mikhail Pavlovich Matveev, a Russian national who is allegedly involved in Babuk, Hive, and LockBit ransomware attacks. These arrests and rewards are part of the global effort to crack down on cybercriminals who engage in ransomware attacks and cause serious damage to businesses and individuals.
The arrest and charges against Astamirov add to the increasing efforts by law enforcement agencies to curb cybercrime, especially related to ransomware attacks. While it is crucial to focus on apprehending the individuals responsible for these types of crimes, it is also essential to put measures in place to prevent cyberattacks from occurring in the first place. This includes implementing better security protocols, conducting employee training, establishing data backup and recovery plans, and more. The LockBit ransomware attacks highlight the need for businesses to be vigilant and proactive in protecting themselves from such attacks.