LockBit Ransomware: Two Russians Plead Guilty For Attacks

Wajahat Raja

August 1, 2024 - TuxCare expert team

As per recent media reports, two Russian nationals have pleaded guilty in a United States (US) court to affiliate participation in the LockBit ransomware attacks. The two individuals, who were part of the LockBit ransomware scheme, have been identified as Ruslan Magomedovich Astamirov and Mikhail Vasiliev. In this article, we’ll dive into the details of the plea and the sentences that were imposed.

Unmasking The LockBit Ransomware Threat Actors

The two threat actors who pleaded guilty, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, are aged 12 and 34, respectively. While Astamirov hails from the Chechen Republic, Vasiliev holds dual nationality from Canada and Russia.

As per the information available, Astamirov was arrested in Arizona by US law enforcement agencies last year in May and Vasiliev, subject to charges in Canada, was extradited to the US last month.

It’s worth mentioning here that this development comes two months after the United Kingdom’s (UK) National Crime Agency (NCA) revealed the 31-year-old Russian national named Dmitry Yuryevich Khoroshev as the brains behind the LockBit ransomware scheme.

Threat actors suffered a blow when their infrastructure was taken down earlier this year due to the LockBit takedown operation dubbed Cronos. However, it’s worth mentioning here that the group continues to remain active.

Threat Actor Roles In LockBit Ransomware Attacks

As far as the malicious LockBit operation is concerned, over 2500 entities have succumbed to the attacks since 2019. Given the vast number and severity of the cybersecurity breaches conducted by the group, the threat actors’ monetary ransomware proceeds amount to around $500 million.

As far as the involvement of the culprits is concerned, both of them would first identify and gain unauthorized access to vulnerable systems. After gaining access, these culprits would then deploy the LockBit ransomware and acquire and encrypt the data. Once the data was acquired, they would ask the victims for a ransom in order to decrypt it.

Reports claim that Astamirov, also known as BETTERPAY, offtitan, and Eastfarmer, has deployed the LockBit ransomware against 12 victims during 2020 and 2023 and amassed a total of $1.9 million as ransom. These victims were spread out among different regions that include:

  • Japan.
  • Kenya.
  • France.
  • Scotland.
  • Virginia, USA.

Vasiliev, going by the names Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, is said to have deployed the LockBit ransomware against 12 businesses in varying regions that include:

  • The UK.
  • Switzerland.
  • Michigan, USA.
  • New Jersey, USA.

Threat Actors’ Guilty Plea Sentencing

Both Astamirov and Vasiliev have pleaded guilty to affiliate involvement in the LockBit ransomware attacks and are due to be sentenced on January 8th, 2025. Vasiliev’s guilty plea includes:

  • Conspiracy to commit wire fraud.
  • Intentional damage to a protected computer.
  • Conspiracy to commit computer fraud and abuse.
  • Transmission of a threat in relation to damaging a protected computer.

These charges carry a maximum sentence of 45 years in prison. Astamirov’s guilty plea charges, on the other hand, have a maximum penalty of 25 years behind bars and include conspiracy to commit wire fraud and conspiracy to commit computer fraud and abuse.

Conclusion

The arrests and guilty pleas of Ruslan Magomedovich Astamirov and Mikhail Vasiliev mark a significant milestone in the ongoing battle against cybercrime. The LockBit ransomware, notorious for its extensive reach and financial impact, has faced serious blows with these legal actions and the takedown of its infrastructure. However, since the group is still active, users should implement advanced security protocols to lower the risk of exposure and safeguard themselves from threat actors.

The sources for this piece include articles in The Hacker News and Bloomberg Law.