US Authorities Arrested a Russian Citizen Who Is Associated with the Distribution of LockBit Ransomware

Ruslan Magomedovich Astamirov, a 20-year-old Russian citizen, has been arrested in Arizona and the U.S. Department of Justice says he is charged with injecting LockBit ransomware on victim networks both in the U.S. and abroad.

Astamirov is charged with conspiracy to transfer ransom demands, wire fraud and intentionally damaging secure computers.

If found guilty, he could face up to 20 years in prison on charges of wire fraud and up to five years in prison on charges of damaging secure computers.

I note that Astamirov has become the third LockBit “partner” to be charged by the US Department of Justice over the past seven months. So, in November 2022, 33-year-old Russian citizen Mikhail Vasiliev was arrested in Canada. It has also been linked to LockBit ransomware attacks that affected “critical infrastructure and large industrial plants around the world.”

After that, in May 2023, charges were brought against Mikhail Matveev (also known as Wazawaka, m1x, Boriselcin and Uhodiransomwar). It has been linked to the deployment of LockBit, Babuk, and Hive ransomware to networks of organizations in the US and beyond.

It is also worth noting that earlier this week law enforcement from the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the Interstate Information Sharing and Analysis Center (MS-ISAC), as well as cybersecurity specialists from Australia, Canada, the UK, Germany, France and New Zealand have published a security bulletin on preventing LockBit attacks.

According to this document, LockBit has carried out about 1,700 attacks since 2020, and it cost nearly $91 million in ransoms alone to US victims. In addition, approximately one in six ransomware attacks targeting US government agencies in 2022 were linked to LockBit.

Each country provided its own statistics illustrating the frequency of LockBit attacks. Australia noted that last year, this group accounted for 18% of the total number of recorded extortion incidents. At the same time, in Canada and New Zealand, LockBit is responsible for one in five attacks.

France said that 11% of attacks since 2020 have been linked to LockBit, but noted that in some cases it was not possible to confirm or deny that victims’ networks were hacked, and the statistics are partly based on publications on the hackers’ website.

In the US, the group accounted for 16% of attacks against government agencies, including municipal and county governments, universities and schools, and emergency services, including law enforcement.