Two foreign nationals pleaded guilty today to participating in the LockBit ransomware group, which has been one of the most prolific ransomware variants globally. They admitted to deploying LockBit attacks against victims in the United States and worldwide.
“Today’s convictions reflect the latest returns on the Department’s investment in disrupting ransomware threats, prioritizing victims, and holding cybercriminals accountable,” said Deputy Attorney General Lisa Monaco. “In executing our all-tools cyber enforcement strategy, we’ve dealt significant blows to destructive ransomware groups like LockBit, as we did earlier this year, seizing control of LockBit infrastructure and distributing decryption keys to their victims. Today’s actions serve as a warning to ransomware actors who would attack Americans: we will find you and hold you accountable.”
“The defendants committed ransomware attacks against victims in the United States and around the world through LockBit, which was one of the most destructive ransomware groups in the world,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “But thanks to the work of the Computer Crime and Intellectual Property Section, along with its domestic and international partners, LockBit no longer claims that title. Today’s convictions represent another important milestone in the Criminal Division’s ongoing effort to disrupt and dismantle ransomware groups, protect victims, and bring cybercriminals to justice.”
According to court documents, Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 21, a Russian national from Chechen Republic, Russia; and Mikhail Vasiliev, 34, a dual Canadian-Russian national from Bradford, Ontario; were members of LockBit. Between January 2020 and February 2024, LockBit grew into one of the most active and destructive ransomware groups globally. It attacked over 2,500 victims across at least 120 countries—1,800 of whom were based in the United States—including individuals; small businesses; multinational corporations; hospitals; schools; nonprofit organizations; critical infrastructure; government agencies; and law enforcement bodies. The group extorted approximately $500 million in ransom payments from these victims while causing billions more in additional losses.
LockBit's affiliate members first identified vulnerable computer systems before deploying LockBit ransomware on those systems to steal and encrypt stored data. When successful attacks occurred, they demanded ransoms for decrypting data while claiming they would delete their copies if paid. If ransoms were not paid by victims whose data was stolen—including highly sensitive information—the affiliates often left it permanently encrypted or published it on publicly accessible websites under their control.
“Astamirov and Vasiliev thought that they could deploy LockBit from the shadows without consequence,” said U.S. Attorney Philip R. Sellinger for New Jersey District. “They were wrong... We will do everything in our power...to put a spotlight on them as wanted criminals—no matter where they hide.”
“Astamirov and Vasiliev were members of [a] group...attacking computer systems globally," said FBI Deputy Director Paul Abbate."Today’s plea shows our relentless commitment...The FBI is proud [of] international collaboration leading [to] accountability."
Between 2020-2023 Astamirov deployed LockBit against at least twelve global businesses including those based in Virginia (USA), Japan France Scotland Kenya under aliases such as "BETTERPAY," "offtitan," "Eastfarmer" extorting $1.9 million collectively forfeiting $350k cryptocurrency seized during his arrest June '23.
From '21-'23 Vasiliev using aliases like "Ghostrider", "Free", etc., attacked multiple institutions including NJ-based firms UK Swiss educational facilities causing damage worth half-a-million dollars before his November '22 Canadian arrest followed by US extradition June this year.
Astamirov faces up-to-25 years imprisonment having pled guilty towards conspiracy charges involving computer fraud abuse wire-fraud whereas Vasiliev risks maximum penalty reaching forty-five years covering four-count information regarding similar crimes intentional damage protected computers threatening transmissions sentencing dates pending Federal Court's decision post-consideration guidelines statutory factors
Today's pleas follow recent disruptions initiated February when UK's National Crime Agency Cyber Division coordinated DOJ FBI others seizing public-facing sites connecting organization servers halting further network encryption victim extortion diminishing reputation capability significantly
Previously unsealed May indictments reveal four other members charged including alleged creator Dmitry Yuryevich Khoroshev alias “LockBitsupp” acting administrator since September ‘19 recruiting affiliates maintaining deployment infrastructure taking twenty percent ransom deriving hundred-million dollars personally listed under ten-million-dollar reward program offered US State Department Transnational Organized Crime TOC Rewards Program via https://tips.fbi.gov/home
Additional indictments include Artur Sungatov Ivan Kondratyev aka Bassterlord targeting US manufacturing semiconductor industries globally Matveev Wazawaka m1x Boriselcin Uhodiransomwar accused attacking Washington DC Metropolitan Police subject similar ten-million-dollar rewards sanctioned Treasury Office Foreign Assets Control OFAC
Victims encouraged contact FBI submit info https://lockbitvictims.ic3.gov/ enabling law enforcement determine decryption possibilities restoring affected systems updates rights restitution submissions www.justice.gov/usao-nj/lockbit prosecution led Newark Field Office Special Agent Charge James E Dennehy supported Atlanta Northern Georgia Ontario Provincial Police Crown Attorney Toronto UK NCA France Gendarmerie Nationale Cyberspace Command Paris Prosecution Germany Landeskriminalamt Schleswig-Holstein Bundeskriminalamt Switzerland Federal Office Justice Police Zurich Cantonal Public Prosecutor Zurich Cantonal Japan National Policy Australian Federal Sweden Polismyndighetens Royal Mounted Netherlands Politie Dienst Regionale Recherche Oost-Brabant Finland Poliisi Europol Eurojust Trial Attorneys Jessica C Peck Debra Ireland Jorge Gonzalez CCIPS Andrew Trombly David Malagold Vinay Limbachia NJ prosecuting DOJ Cybercrime Liaison Eurojust OIA NSD NSCS assisting protection details StopRansomware.gov advisories AA23-325A AA23-165A AA23-075A