Two Russian nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, have pleaded guilty to their involvement in ransomware attacks across the US, Asia, Europe, and Africa for the notorious hacking group LockBit. The men admitted to helping deploy the LockBit ransomware variant, which has caused extensive damage since its emergence in 2020.
According to the Justice Department, the ransomware has attacked over 2,500 victims, resulting in at least $500 million in ransom payments.
The guilty pleas were entered on Thursday in federal court in Newark, New Jersey, where six individuals, including Dimitry Yuryevich Khoroshev—described as the creator, developer, and administrator of LockBit—have been charged. US authorities are offering a reward of up to $10 million for Khoroshev’s arrest.
Astamirov, 21, from the Chechen Republic, and Vasiliev, 34, from Bradford, Ontario, pleaded guilty to charges including conspiracy to commit computer fraud and abuse. LockBit is a ransomware variant that locks up computers until a ransom is paid. The hacking group operates using a ransomware-as-a-service model, where affiliates like Astamirov and Vasiliev lease the malicious code and conduct the actual hacking, sharing the proceeds with the gang’s leaders.
In recent years, the US and its allies have intensified efforts to curb ransomware attacks by sanctioning hackers, disrupting cybercriminal infrastructure, and arresting suspects. However, many hackers operate from safe havens like Russia, complicating Western law enforcement efforts.
In February, US and UK authorities announced the disruption of LockBit operations, arresting alleged members, seizing servers and cryptocurrency accounts, and recovering decryption keys to unlock hijacked data. Deputy Attorney General Lisa Monaco stated that significant blows have been dealt to ransomware groups like LockBit.
Vasiliev was involved in deploying LockBit against at least 12 victims, including educational institutions in the UK and Switzerland. He was arrested by Canadian authorities in November 2022 and extradited to the US in June. Astamirov was arrested by the FBI last year. In May 2023, he agreed to an interview with FBI agents in Arizona, where his electronic devices were seized. Initially denying involvement, records later showed his connection to cyberattacks on businesses in France, West Palm Beach, Florida, Tokyo, Virginia, and Kenya.
Both men are scheduled to be sentenced on January 8, 2025.
