Russian Citizen Arrested in Arizona for Alleged LockBit Ransomware Attacks

Ruslan Magomedovich Astamirov, a 20-year-old Russian citizen, has been arrested in Arizona and the U.S. Department of Justice says he is accused of planting LockBit ransomware on victim networks both in the U.S. and abroad.

Allegations Against Astamirov

According to the released documents, the suspect was allegedly involved in the LockBit attacks between August 2020 and March 2023.
“Allegedly, Astamirov was in cahoots with other members of the LockBit ransomware campaign to commit wire fraud and deliberately damage protected computers, and demand ransom through the use and deployment of ransomware,” the U.S. Department of Justice said. “In particular, Astamirov directly carried out at least five attacks on the computer systems of victims in the United States and abroad.”
Astamirov is charged with conspiracy to transfer ransom demands, wire fraud and intentionally damaging secure computers.
If found guilty, he could face up to 20 years in prison on charges of wire fraud and up to five years in prison on charges of damaging secure computers.

Other LockBit Suspects

I note that Astamirov has become the third LockBit “partner” to be charged by the US Department of Justice over the past seven months. So, in November 2022, 33-year-old Russian citizen Mikhail Vasiliev was arrested in Canada. It has also been linked to LockBit ransomware attacks that affected “critical infrastructure and large industrial plants around the world.”
After that, in May 2023, charges were brought against Mikhail Pavlovich Matveev (also known as Wazawaka, m1x, Boriselcin and Uhodiransomwar). It has been linked to the deployment of LockBit, Babuk, and Hive ransomware to networks of organizations in the US and beyond.
It is also worth noting that earlier this week, law enforcement officers from the Cybersecurity Agency The United States (CISA), the FBI, the Interstate Information Sharing and Analysis Center (MS-ISAC), and cybersecurity experts from Australia, Canada, the UK, Germany, France, and New Zealand have published a security bulletin on preventing LockBit attacks.

Statistics on LockBit Attacks

According to this document, LockBit has carried out about 1,700 attacks since 2020, and it cost nearly $91 million in ransoms alone to US victims. In addition, approximately one in six ransomware attacks targeting US government agencies in 2022 were linked to LockBit.
Each country provided its own statistics illustrating the frequency of LockBit attacks. Australia noted that last year, this group accounted for 18% of the total number of recorded extortion incidents. At the same time, in Canada and New Zealand, LockBit is responsible for one in five attacks.
France said that 11% of attacks since 2020 have been linked to LockBit, but noted that in some cases it was not possible to confirm or deny that victims’ networks were hacked, and the statistics are partly based on publications on the hackers’ website.
In the US, the group accounted for 16% of attacks against government agencies, including municipal and county governments, universities and schools.

Russian Citizen Arrested in Arizona for Alleged LockBit Ransomware Attacks

The U.S. Department of Justice has announced the arrest of Ruslan Magomedovich Astamirov, a 20-year-old Russian citizen, in Arizona. Astamirov is accused of planting LockBit ransomware on victim networks both in the U.S. and abroad.

Allegations Against Astamirov

According to the released documents, the suspect was allegedly involved in the LockBit attacks between August 2020 and March 2023.
“Allegedly, Astamirov was in cahoots with other members of the LockBit ransomware campaign to commit wire fraud and deliberately damage protected computers, and demand ransom through the use and deployment of ransomware,” the U.S. Department of Justice said. “In particular, Astamirov directly carried out at least five attacks on the computer systems of victims in the United States and abroad.”
Astamirov is charged with conspiracy to transfer ransom demands, wire fraud and intentionally damaging secure computers.
If found guilty, he could face up to 20 years in prison on charges of wire fraud and up to five years in prison on charges of damaging secure computers.

Other LockBit Suspects

I note that Astamirov has become the third LockBit “partner” to be charged by the US Department of Justice over the past seven months. So, in November 2022, 33-year-old Russian citizen Mikhail Vasiliev was arrested in Canada. It has also been linked to LockBit ransomware attacks that affected “critical infrastructure and large industrial plants around the world.”
After that, in May 2023, charges were brought against Mikhail Pavlovich Matveev (also known as Wazawaka, m1x, Boriselcin and Uhodiransomwar). It has been linked to the deployment of LockBit, Babuk, and Hive ransomware to networks of organizations in the US and beyond.
It is also worth noting that earlier this week, law enforcement officers from the Cybersecurity Agency The United States (CISA), the FBI, the Interstate Information Sharing and Analysis Center (MS-ISAC), and cybersecurity experts from Australia, Canada, the UK, Germany, France, and New Zealand have published a security bulletin on preventing LockBit attacks.

Statistics on LockBit Attacks

According to this document, LockBit has carried out about 1,700 attacks since 2020, and it cost nearly $91 million in ransoms alone to US victims. In addition, approximately one in six ransomware attacks targeting US government agencies in 2022 were linked to LockBit.
Each country provided its own statistics illustrating the frequency of LockBit attacks. Australia noted that last year, this group accounted for 18% of the total number of recorded extortion incidents. At the same time, in Canada and New Zealand, LockBit is responsible for one in five attacks.
France said that 11% of attacks since 2020 have been linked to LockBit, but noted that in some cases it was not possible to confirm or deny that victims’ networks were hacked, and the statistics are partly based on publications on the hackers’ website.
In the US, the group accounted for 16% of attacks against government agencies, including municipal and county governments, universities and schools.
The U.S. Department of Justice has been actively pursuing LockBit suspects for the past seven months, and the arrest of Astamirov is the latest in a series of arrests and charges against LockBit “partners”. The security bulletin released this week by CISA, the FBI, and other cybersecurity experts from around the world provides an overview of the LockBit ransomware and the steps organizations can take to protect themselves from such attacks.
LockBit has been responsible for a significant number of ransomware attacks since 2020, with US victims alone paying nearly $91 million in ransoms. The statistics provided by each country demonstrate the prevalence of LockBit attacks, with the group accounting for 18% of extortion incidents in Australia, one in five attacks in Canada and New Zealand, and 16% of attacks against US government agencies.
Organizations should take the necessary steps to protect themselves from LockBit and other ransomware attacks, including regularly updating their systems, backing up data, and implementing security measures such as two-factor authentication. By taking these steps, organizations can reduce the risk of falling victim to ransomware attacks.