Two Russian nationals [1] [2] [7] [9], Ruslan Magomedovich Astamirov and Mikhail Vasiliev [1] [3] [4] [5] [6] [7] [8] [9], have pleaded guilty in a US court for their involvement in the LockBit ransomware scheme [9], one of the most destructive in the world [3].

Description

Astamirov and Vasiliev were part of the LockBit ransomware operation, led by Dmitry Yuryevich Khoroshev [9], which targeted critical infrastructure [3], schools [3] [5], hospitals [3] [5], police departments [5], and municipalities across New Jersey and the United States [5]. The group caused over $500 million in ransom payments and billions more in estimated losses [5], attacking over 2,500 entities in at least 120 countries [4] [8]. Astamirov extorted $1.9 million from 12 victims and agreed to forfeit $350,000 in seized cryptocurrency [6], while Vasiliev caused $500,000 in damages to 12 victims [6]. Both defendants face significant prison sentences [6] [9], with Astamirov facing a maximum penalty of 25 years and Vasiliev facing a maximum penalty of 45 years [4] [8]. Vasiliev targeted at least 12 victims [1] [7], including educational facilities in the UK and Switzerland [1] [7], while Astamirov executed cyberattacks on five victims [1] [7], including businesses in France [1] [7], Florida [1] [7], a Tokyo firm [7], a Virginia company [7], and a Kenyan business [7]. Six people have been charged for their roles in the cyber attacks [3], with FBI Deputy Director Paul Abbate emphasizing the commitment to bringing cybercriminals to justice [3]. Both men are scheduled to be sentenced on Jan. 8, 2025 [1] [7]. The guilty pleas follow a recent disruption of LockBit by international law enforcement agencies [4], which seized control of the group’s infrastructure and greatly diminished its ability to attack further victims [4]. LockBit [1] [2] [3] [4] [5] [6] [7] [8] [9], a ransomware variant that first appeared in 2020 [1] [2] [7], led to attacks against over 2,500 victims and ransom payments of at least US$500 million [1] [2] [7]. Astamirov and Vasiliev admitted to deploying the ransomware and were affiliates of the group [1] [7]. LockBit successfully used a ransomware-as-a-service model [1], where affiliates lease the malicious code and do the hacking in exchange for a cut of the proceeds [1]. US and UK authorities have been working to disrupt ransomware operations [1], with recent efforts leading to arrests [1], server seizures [1], and recovery of decryption keys [1].

Conclusion

The guilty pleas of Astamirov and Vasiliev mark a significant step in holding cybercriminals accountable for their actions. The disruption of LockBit by international law enforcement agencies highlights the importance of collaboration in combating ransomware attacks. Efforts to disrupt ransomware operations continue [1], with authorities working to prevent further attacks and protect victims from cyber threats.

References

[1] https://www.thestar.com.my/tech/tech-news/2024/07/19/two-russian-nationals-plead-guilty-in-lockbit-ransomware-attacks
[2] https://news.bloomberglaw.com/tech-and-telecom-law/two-russian-nationals-plead-guilty-in-lockbit-ransomware-attacks
[3] https://dailyvoice.com/new-jersey/atlantic/pair-convicted-in-worldwide-ransomware-attacks-victimizing-nj-residents-feds/
[4] https://databreaches.net/2024/07/19/two-foreign-nationals-plead-guilty-to-participation-in-lockbit-ransomware-group/
[5] https://www.nj.com/news/2024/07/2-admit-to-prolific-ransomware-attacks-that-targeted-victims-in-nj-across-the-globe.html
[6] https://securityaffairs.com/165941/cyber-crime/lockbit-ransomware-group-members-plead-guilty.html
[7] https://fortune.com/2024/07/18/russian-duo-confess-to-cyber-heist/
[8] https://www.justice.gov/opa/pr/two-foreign-nationals-plead-guilty-participating-lockbit-ransomware-group
[9] https://thehackernews.com/2024/07/two-russian-nationals-plead-guilty-in.html