The US Department of Justice (DoJ) has announced the arrest and charges filed against a Russian national accused of participating in cyber-attacks using the LockBit ransomware.
Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, allegedly targeted computer systems in the United States, Asia, Europe and Africa.
Astamirov is the second individual arrested in connection with the LockBit ransomware campaign within the past six months.
It comes months after the Department announced charges against Mikhail Vasiliev in November 2022, who is currently detained in Canada for extradition.
In May 2023, the Department then indicted Mikhail Pavlovich Matveev for allegedly deploying LockBit, Babuk and Hive ransomware against victims globally.
“In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law,” commented deputy attorney general, Lisa O Monaco.
“We will continue to use every tool at our disposal to disrupt cybercrime, and while cyber-criminals may continue to run, they ultimately cannot hide.”
According to the criminal complaint, Astamirov is accused of directly executing at least five attacks against victims in the US and abroad.
The Russian national allegedly controlled various online accounts to deploy LockBit ransomware and communicate with victims. Law enforcement reportedly traced a portion of a victim’s ransom payment to a virtual currency address under Astamirov’s control.
The charges against him include conspiring to commit wire fraud and conspiring to intentionally damage protected computers and transmit ransom demands. If convicted, he could face up to 20 years in prison for the first charge and up to five years for the second.
“The FBI is committed to pursuing ransomware actors like Astamirov, who have exploited vulnerable cyber ecosystems and harmed victims,” said FBI deputy director, Paul Abbate.
“We, in collaboration with our federal and international partners, are fully committed to the permanent dismantlement of these types of ransomware campaigns that intentionally target people and our private sector partners.”
The LockBit ransomware gang was first detected in January 2020 and has caused over 1400 global attacks, resulting in ransom demands exceeding $10m.
Most recently, the threat actor claimed a breach that affected the Housing Authority of the City of Los Angeles (HACLA).