
Russian couple confess to $500 million cyber heist



Two Russian citizens have pleaded guilty to their roles in ransomware attacks in the United States, Asia, Europe and Africa for a notorious hacker gang called LockBit.

Ruslan Magomedovich Astamirov and Mikhail Vasiliev admitted that they helped deploy the ransomware variant, which first emerged in 2020. It quickly became one of the world’s most destructive variants, resulting in attacks on more than 2,500 victims and ransoms of at least $500 million, according to the Justice Department.

The men pleaded guilty Thursday in federal court in Newark, New Jersey, where six people have been charged with LockBit attacks, including Dimitry Yuryevich Khoroshev, described by the US as the group’s founder, developer and manager. US authorities are offering a reward of up to $10 million for his capture.

Astamirov, 21, of the Chechen Republic, and Vasiliev, 34, of Bradford, Ontario, pleaded guilty to charges including conspiracy to commit computer fraud and misuse of computer data.

LockBit is the name of a variant of ransomware, a type of malware that locks a computer before demanding a ransom to unlock it. Hacking gangs are often known by the name of their ransomware variant. LockBit has successfully deployed a ransomware-as-a-service model, in which “affiliates” rent the malware and perform the actual hacking, paying gang leaders a portion of their illicit profits in exchange. According to the Justice Department, Astamirov and Vasiliev were affiliates.

In recent years, the United States and its allies have been aggressive in trying to curb ransomware attacks by sanctioning hackers or entities associated with them or disrupting the online infrastructure of cybercriminal gangs. But many hackers are based in places like Russia, which provides them safe havens that make it difficult for Western law enforcement to catch them.

In February, US and UK authorities announced they had disrupted LockBit’s operations, arrested alleged members, seized servers and cryptocurrency accounts, and recovered decryption keys to unlock stolen data.

“We have struck hard against destructive ransomware groups like LockBit, just as we did earlier this year, taking control of LockBit’s infrastructure and distributing decryption keys to their victims,” Deputy Attorney General Lisa Monaco said in a statement.

Vasiliev deployed LockBit against at least 12 victims, including an educational institution in the UK and a school in Switzerland, the US said. He was arrested by Canadian authorities in November 2022 and extradited to the US in June.

Astamirov was arrested by the FBI last year. In May 2023, he agreed to be interviewed by FBI agents in Arizona, where they seized his electronic devices. He initially denied having any involvement with an email account held with a provider based in Russia, but agents later found records related to the account on his devices, according to the arrest complaint. The records showed that Astamirov used the email to “create multiple online accounts under names that were identical or nearly identical to his own,” the complaint said.

After August 2020, Astamirov launched cyberattacks on at least five victims, according to the FBI complaint. The victims included: businesses in France and West Palm Beach, Florida; a Tokyo company that refused to pay the ransom, prompting the group to post the stolen data on a “leaking site” of blackmail victims; a Virginia company that stopped an attack after 24,000 documents were stolen; and a Kenyan business that agreed to pay the ransom after some of its stolen data was posted on the LockBit website.

Both are scheduled to be sentenced on January 8, 2025.
