Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad.
According to the criminal complaint, the 20-year-old suspect from the Chechen Republic was allegedly involved in LockBit ransomware attacks between August 2020 and March 2023.
“Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware,” US DOJ said.
“Specifically, Astamirov directly executed at least five attacks against victim computer systems in the United States and abroad.”
Astamirov has been indicted on charges of conspiracy to transmit ransom demands, commit wire fraud, and intentionally damage protected computers.
If found guilty, he could face up to 20 years in prison for the wire fraud charge and up to five years in prison for the charge related to damaging protected computers.
The charges also carry the possibility of fines up to $250,000 or double the financial gain or loss resulting from the offense, whichever is higher.
Third LockBit affiliate charged in the U.S. since November
Astamirov is the third LockBit affiliate the U.S. Justice Department charged in the last seven months.
In November 2022, the DOJ unveiled criminal charges against Mikhail Vasiliev, now in custody in Canada and awaiting extradition to the United States.
In May 2023, Mikhail Pavlovich Matveev (also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar) was also charged for his alleged involvement in deploying LockBit, Babuk, and Hive ransomware in attacks targeting organizations within and outside the United States.
“Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey.
“The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity. We will continue to work tirelessly with all our law enforcement partners to identify ransomware perpetrators and bring them to justice.”
LockBit ransomware emerged as a ransomware-as-a-service (RaaS) operation in September 2019 and has claimed multiple high-profile victims worldwide in recent months, including the Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland.
U.S. and international cybersecurity authorities also revealed in a joint advisory published on Wednesday that this ransomware gang extorted roughly $91 million from U.S. organizations that fell victim to approximately 1,700 attacks since 2020.