DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses

Posted on June 15, 2023 by Dissent

The Justice Department today announced charges against a Russian national for his involvement in deploying numerous LockBit ransomware and other cyberattacks against victim computer systems in the United States, Asia, Europe, and Africa.

Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 20, of Chechen Republic, will make his initial appearance later today.

“This Lockbit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable,” said Deputy Attorney General Lisa O. Monaco. “In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide.”

According to a criminal complaint obtained in the District of New Jersey, from at least as early as August 2020 to March 2023, Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware. Specifically, Astamirov directly executed at least five attacks against victim computer systems in the United States and abroad.

“Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity. We will continue to work tirelessly with all our law enforcement partners to identify ransomware perpetrators and bring them to justice.”

According to the criminal complaint, the LockBit ransomware variant first appeared around January 2020. LockBit actors have executed over 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands and receiving at least as much as tens of millions of dollars in actual ransom payments made in the form of bitcoin.

In furtherance of his LockBit-related activities, Astamirov owned, controlled, and used a variety of email addresses, Internet Protocol (IP) addresses, and other online provider accounts that allowed him and his co-conspirators to deploy LockBit ransomware and to communicate with their victims. Additionally, in at least one circumstance, law enforcement was able to trace a portion of a victim’s ransom payment to a virtual currency address in Astamirov’s control.

Astamirov is charged with conspiring to commit wire fraud and conspiring to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum penalty of 20 years in prison on the first charge and a maximum penalty of five years in prison on the second charge. Both charges are also punishable by a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest.

This announcement follows LockBit-related charges in two other cases from the District of New Jersey. In November 2022, the department announced criminal charges against Mikhail Vasiliev, a dual Russian and Canadian national, who is currently in custody in Canada awaiting extradition to the United States. In May 2023, the department announced the indictment of Mikhail Pavlovich Matveev, aka Wazawaka, aka m1x, aka Boriselcin, aka Uhodiransomwar, for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware variants against victims in the United States and abroad.

The FBI Newark Field Office’s Cyber Crimes Task Force is investigating the case. The Jersey City Police Department, New Jersey State Police, Newark IRS Criminal Investigation, and the international partners from Europol’s European Cybercrime Centre, Eurojust, National Police Agency of Japan, France’s Gendarmerie Nationale Cyberspace Command (Cyber Crime Investigation Unit / C3N), National Crime Agency and South West Regional Organized Crime Unit of the United Kingdom, Kantonspolizei Zürich of Switzerland, Landeskriminalamt Schleswig-Holstein and the Bundeskriminalamt of Germany, and Swedish Police Authority of Sweden also provided valuable assistance.

Trial Attorney Jessica C. Peck and Jorge Gonzalez of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Andrew M. Trombly, Vinay Limbachia, and David E. Malagold for the District of New Jersey’s Cybercrime Unit in Newark are prosecuting the case.

The U.S. Attorney’s Office for the District of Arizona and the Justice Department’s Office of International Affairs also provided significant assistance.

Victims of LockBit ransomware should contact their local FBI field office and visit StopRansomware.gov for further information.

A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Category: MalwareOf NoteU.S.

Post navigation

← State governments among victims of MoveIT Transfer breach
Snooping in Medical Records by Hospital Security Guards Leads to $240,000 HIPAA Settlement →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)
  • Cyberattack brings down Kettering Health phone lines, MyChart patient portal access (1)
  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.