The US Department of Justice (DoJ) has apprehended and charged Ruslan Magomedovich Astamirov, a Russian national, for his involvement as an affiliate of the LockBit ransomware. Astamirov stands accused of directly carrying out at least five cyberattacks between August 2020 and March of this year, targeting computer systems in the United States and abroad.
According to a statement from US Attorney Philip R. Sellinger of the District of New Jersey, Astamirov becomes the third defendant charged by the DoJ in relation to the LockBit global ransomware campaign, and the second defendant to be apprehended. Sellinger emphasizes that perpetrators of LockBit ransomware and other ransomware attacks will not be able to hide behind online anonymity.
Astamirov faces charges of conspiring to commit wire fraud and conspiring to intentionally damage protected computers, as well as transmitting ransom demands. If found guilty, he could be sentenced to a maximum of 25 years in prison and fined up to $250,000 or twice the gain or loss incurred from the offense, whichever is greater. Given that the LockBit ransomware has collectively extorted around $91 million through approximately 1,700 cyberattacks against US organizations since 2020, the potential fine could be substantial.
LockBit ransomware is known for its ransomware-as-a-service (RaaS) model: multiple criminal affiliates use it, so attack methods and techniques vary. This variation makes it increasingly challenging for organizations to defend against such attacks. Nonetheless, law enforcement agencies are intensifying their efforts to bring these perpetrators to justice.
This recent DoJ action is just the latest in a series of charges related to LockBit ransomware. In November, the department announced criminal charges against Mikhail Vasiliev, who is currently detained in Canada pending extradition to the United States. Additionally, in May, the indictment of Mikhail Pavlovich Matveev was announced for his alleged involvement in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware. Matveev is currently at large.
Despite these legal actions, LockBit ransomware attacks continue to occur. Recent instances of LockBit ransomware activity have been observed in New Zealand in February, Australia in April, and the United States on May 25.
In response to the persistent threat of ransomware attacks, the Cybersecurity and Infrastructure Security Agency (CISA) and other advisory organizations recommend several mitigations. These include sandboxing browsers, installing web application firewalls, implementing phishing-resistant multifactor authentication (MFA), and keeping antivirus software up to date. These measures can help organizations protect themselves against ransomware attacks and minimize their potential impact.
As law enforcement agencies and cybersecurity organizations work together to combat ransomware threats like LockBit, it is crucial for businesses and individuals to remain vigilant and adopt proactive security measures to safeguard their digital systems and assets. The consequences of a successful ransomware attack can be significant, both in terms of financial loss and reputational damage.