LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020

A third perp has been fingered, but CISA warns that LockBit variants continue to be a major threat on a global scale.

Dark Reading Staff, Dark Reading

June 15, 2023

2 Min Read
concept art of a a skill and key with the word "ransomware" above it.
Source: Marcosalvaraldo via Alamy Stock Photo

The US Department of Justice has arrested and charged a Russian national, Ruslan Magomedovich Astamirov, for his role as an affiliate for the LockBit ransomware.

Specifically, Astamirov is accused of directly executing at least five attacks between August 2020 and last March, against victim computer systems in the United States and abroad.

"Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended," US Attorney Philip R. Sellinger, District of New Jersey, said in a DoJ statement. "The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity."

Astamirov is charged with conspiring to commit wire fraud and conspiring to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum penalty of 25 years in prison, along with a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest. The latter number may be larger; CISA and other global cybersecurity authorities this week warned that affiliates using LockBit ransomware variants have collectively extorted around $91 million across 1,700 cyberattacks against US organizations since 2020.

Multiple criminal affiliates use LockBit ransomware, which functions as a ransomware-as-a-service (RaaS) model, so the different attacks vary in how they operate and in their tactics, techniques, and procedures (TTPs), making it more difficult for organizations to protect themselves. Even so, they're finding it increasingly difficult to evade law enforcement scrutiny. 

The latest DoJ announcement follows LockBit-related charges in two other cases from the District of New Jersey. In November, the department announced LockBit-related criminal charges against Mikhail Vasiliev, who is in custody in Canada awaiting extradition to the United States. In May, the department announced the indictment of Mikhail Pavlovich Matveev, for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware — he remains at large.

More Recent LockBit Ransomware Activity

Meanwhile, LockBit attacks continue. The most recent LockBit ransomware activity was observed this year in New Zealand in February, Australia in April, and the United States on May 25.

CISA and fellow authors in the advisory recommended that organizations apply mitigations such as sandboxing browsers, installing Web application firewalls, requiring phishing-resistant multifactor authentication (MFA), and installing up-to-date antivirus software, to prevent against ransomware attacks.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights