Two Russians plead guilty in LockBit ransomware attacks

Two Russian citizens have pleaded guilty to their involvement in ransomware attacks in the United States, Asia, Europe and Africa by a notorious hacker gang known as LockBit.

Ruslan Astamirov and Mikhail Vasiliev admitted to helping spread the ransomware variant that first appeared in 2020. It soon became one of the most destructive in the world, targeting more than 2,500 victims and resulting in ransom payments of at least $500 million, according to the Justice Department.

The men pleaded guilty on Thursday in federal court in Newark, New Jersey, where six people are charged with LockBit attacks, including Dimitry Khoroshev, described by the U.S. as the group’s founder, developer and administrator. U.S. authorities are offering a reward of up to $10 million for information leading to his arrest.

Astamirov, 21, of the Chechen Republic, and Vasiliev, 34, of Bradford, Ontario, pleaded guilty to charges including conspiracy to commit computer fraud and abuse.

LockBit is the name of a ransomware variant, a type of malicious code that locks computers before hackers demand a ransom to unlock them. Hacker gangs are often known by the name of their ransomware variant. LockBit has successfully implemented a ransomware-as-a-service model in which “affiliates” lease the malicious code and do the actual hacking in exchange for paying the gang’s leaders a share of their illegal earnings. Astamirov and Vasiliev were partners, according to the Justice Department.

In recent years, the U.S. and its allies have tried to curb ransomware attacks by sanctioning hackers or companies associated with them or by disrupting the online infrastructure of cybercriminal gangs. But many hackers are located in places like Russia that provide them with safe haven, making it difficult for Western law enforcement to arrest them.

In February, U.S. and British authorities announced they had disrupted LockBit’s operations, arrested suspected members, seized servers and cryptocurrency accounts, and secured decryption keys to unlock stolen data. The guilty pleas were an important step toward shutting down the group, authorities said.

“We have dealt major blows to destructive ransomware groups like LockBit, for example when we took control of the LockBit infrastructure earlier this year and distributed decryption keys to its victims,” Assistant Attorney General Lisa Monaco said in a statement.

Vasiliev used LockBit against at least 12 victims, including an educational institution in the UK and a school in Switzerland, the US said. He was arrested by Canadian authorities in November 2022 and extradited to the US in June.

Astamirov was arrested by the FBI last year. In May 2023, he agreed to an interview with FBI agents in Arizona, where they seized his electronic devices. He initially denied having anything to do with an email account through a Russia-based provider, but agents later found related records on his devices, according to the arrest complaint. Records showed that Astamirov used the email to “create multiple online accounts under names that were either completely or nearly identical to his own name,” the complaint said.

After August 2020, Astamirov carried out cyberattacks on at least five victims, according to the FBI complaint. These included: companies in France and West Palm Beach, Florida; a Tokyo company that refused to pay a ransom, after which the group posted stolen data on a “leak site” of extortion victims; a Virginia company that stopped an attack after 24,000 documents were stolen; and a Kenyan company that agreed to pay a ransom after some of its stolen data was posted on the LockBit website.

The verdict for both men is scheduled for January 8. Astamirov faces up to 25 years in prison, Vasiliev up to 45 years.

Copyright 2024 Bloomberg.
