Two foreign nationals, Ruslan Magomedovich Astamirov, and Mikhail Vasiliev, who were part of the LockBit ransomware group, have recently pleaded guilty in the Newark federal court for their involvement in carrying out cyberattacks worldwide, including in the United States. The LockBit group, between 2020 and 2024, launched attacks on over 2,500 victims in 120 countries, with a significant number of victims located in the United States, extorting millions of dollars in ransom payments.
Following a successful disruption of LockBit ransomware in February, where international law enforcement agencies collaborated to seize control of the group’s servers and websites, the guilty pleas from Astamirov and Vasiliev mark a significant milestone in holding cybercriminals accountable. This disruption greatly affected LockBit’s ability to continue their attacks and tarnished their reputation in the cybercriminal world.
The case also involves charges against other members of the LockBit group, including Dmitry Yuryevich Khoroshev, who is said to be the alleged creator and administrator of LockBit. Khoroshev is currently the subject of a $10 million bounty through the U.S. Department of State’s Transnational Organized Crime Rewards Program. He is accused of playing a key role in recruiting new members, overseeing the group’s operations, and maintaining the infrastructure used for carrying out attacks.
U.S. Attorney Philip R. Sellinger stressed the commitment to holding cybercriminals accountable and dismantling their operations, stating that Astamirov and Vasiliev believed they could operate LockBit without facing consequences, but law enforcement agencies are determined to expose and prosecute them wherever they may hide.
Astamirov, operating under various aliases, extorted around $1.9 million from at least 12 victims between 2020 and 2023. As part of his plea agreement, he agreed to forfeit $350,000 in seized cryptocurrency. Vasiliev, known by online monikers “Ghostrider” and “Free,” caused approximately $500,000 in damages to at least 12 victims between 2021 and 2023.
Victims of LockBit ransomware are urged to contact the FBI and provide information at lockbitvictims.ic3.gov. Authorities have developed decryption tools that may assist hundreds of victims in restoring systems encrypted by LockBit ransomware. Victims can also find updates and information on their rights under U.S. law, including the ability to submit victim impact statements and request restitution, at justice.gov/usao-nj/lockbit.
The guilty pleas from the LockBit members and the subsequent disruption of the group’s activities demonstrate the collective efforts of law enforcement agencies to combat cybercrime and protect individuals and organizations from falling victim to ransomware attacks.