Admin l Friday, June 16, 2023
WASHINGTON – The Justice Department of Justice has announced charges against a Russian national for his involvement in deploying numerous LockBit ransomware and other cyberattacks against victim computer systems in the United States, Asia, Europe, and Africa.
Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 20, of Chechen Republic was arraigned on Thursday.
“This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable,” said Deputy Attorney General Lisa O. Monaco.
“In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide.”
According to a criminal complaint obtained in the District of New Jersey, from at least as early as August 2020 to March 2023, Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware.
Specifically, Astamirov directly executed at least five attacks against victim computer systems in the United States and abroad.
“Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey.
“The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity. We will continue to work tirelessly with all our law enforcement partners to identify ransomware perpetrators and bring them to justice.”
According to the criminal complaint, the LockBit ransomware variant first appeared around January 2020. LockBit actors have executed over 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands and receiving at least as much as tens of millions of dollars in actual ransom payments made in the form of bitcoin.
In furtherance of his LockBit-related activities, Astamirov owned, controlled, and used a variety of email addresses, Internet Protocol (IP) addresses, and other online provider accounts that allowed him and his co-conspirators to deploy LockBit ransomware and to communicate with their victims.
Additionally, in at least one circumstance, law enforcement was able to trace a portion of a victim’s ransom payment to a virtual currency address in Astamirov’s control.
