"Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks"
The US Justice Department (DoJ) recently announced charges against a third Russian national allegedly involved in deploying the LockBit ransomware. The man, Ruslan Magomedovich Astamirov, 20, was arrested in Arizona and allegedly owned, controlled, and used multiple IP addresses, email addresses, and other online accounts to deploy the LockBit ransomware and communicate with victims. According to court documents, in at least one instance, authorities were able to trace a victim’s payment to a cryptocurrency address that Astamirov controlled. According to an FBI complaint, Astamirov has been a member of the LockBit ransomware gang since at least August 2020 and directly executed at least five cyberattacks against victim systems in the US. In May 2023, during a voluntary interview with the FBI, Astamirov lied about his connection with one of the email addresses used in LockBit ransomware attacks but later admitted that he used the email account on at least three different devices. At the time, authorities seized several devices Astamirov owned, including an iPhone, an iPad, a MacBook Pro, and a USB drive. According to the FBI complaint, law enforcement obtained evidence that Astamirov used the email address to set up online accounts used in LockBit attacks and that he also controlled an IP address used in attacks against at least four victims. The authorities also linked the IP address to a second email address that Astamirov used and discovered that Astamirov received 80% of a ransom payment in roughly $700,000 worth of cryptocurrency from a fifth victim of the LockBit ransomware, with which he and likely other co-conspirators negotiated. Astamirov is charged with conspiracy to commit wire fraud, punishable by a maximum of 20 years in prison, and conspiracy to damage computers and transmit ransom demands, which is punishable by a maximum of five years in prison. The LockBit ransomware has been active since at least January 2020, operating under the Ransomware-as-a-Service (RaaS) model and targeting organizations in the US, Asia, Europe, and Africa. The FBI estimates that it has been used in roughly 1,700 attacks in the US, with victims paying approximately $91 million in ransoms.