DOJ Charges Russian National For Role in LockBit Ransomware Attacks

The Justice Department made its second LockBit ransomware-related arrest of the year, chipping away at one of the most prolific ransomware variants.

By Jill McKeon

The United States Department of Justice (DOJ) charged a Russian national for his involvement in LockBit ransomware attacks. As previously reported, LockBit is currently one of the most prolific ransomware groups in the world. This marks the second DOJ arrest of a Russian hacker in connection with LockBit in 2023 alone.

Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 20, of the Chechen Republic, allegedly leveraged LockBit ransomware to commit wire fraud and deploy ransomware. Astamirov allegedly executed at least five attacks on computer systems in the US and abroad.

“This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable,” said Deputy Attorney General Lisa O. Monaco.

“In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide.”

LockBit threat actors have executed more than 1,400 cyberattacks against victims in the US and abroad since they were first observed in January 2020. The group has issued more than $100 million in ransom demands and has successfully gained tens of millions of dollars in ransomware payments. The HHS Health Sector Cybersecurity Coordination Center (HC3) has issued multiple alerts about LockBit and the threat it poses to healthcare organizations.

In Astamirov’s case, law enforcement was able to trace part of a victim’s ransom payment to a virtual currency address controlled by Astamirov. In addition, Astamirov allegedly owned and controlled a variety of IP addresses, email addresses, and other accounts that enabled LockBit actors to communicate with victims.

“The FBI is committed to pursuing ransomware actors like Astamirov, who have exploited vulnerable cyber ecosystems and harmed victims,” said FBI Deputy Director Paul Abbate. “We, in collaboration with our federal and international partners, are fully committed to the permanent dismantlement of these types of ransomware campaigns that intentionally target people and our private sector partners. We will continue to leverage every resource to prevent this type of malicious, criminal activity.”

If convicted on charges of wire fraud and conspiring to intentionally damage protected computers and transmit ransom demands, Astamirov faces a maximum of 25 years in prison as well as hefty fines.

CISA, the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners recently released a comprehensive document that dives into LockBit’s tactics and tools.

To prevent initial access, the entities recommended implementing sandboxed browsers, segmenting networks, and implementing multi-factor authentication (MFA). In addition, organizations should raise awareness of phishing threats and consider adding an external warning banner for emails sent to or received from contacts outside their organization.