Suspected LockBit Ransomware Affiliate Arrested in Arizona

US authorities have apprehended and indicted a Russian national allegedly associated with the notorious LockBit ransomware attacks. Ruslan Magomedovich Astamirov, a 20-year-old from the Chechen Republic, was arrested in Arizona and charged by the US Department of Justice (DOJ) on accusations of deploying LockBit ransomware on multiple networks in the US and internationally.

Astamirov is accused of participating in LockBit ransomware attacks between August 2020 and March 2023. According to the DOJ’s criminal complaint, Astamirov, along with other unidentified cyber criminals, conspired to commit wire fraud and intentionally damage protected computers by deploying ransomware. They then purportedly demanded ransoms to restore the affected systems.

The suspect allegedly masterminded at least five such attacks on victim computer systems, domestically and abroad.

“In furtherance of his LockBit-related activities, Astamirov owned, controlled, and used a variety of email addresses, Internet Protocol (IP) addresses, and other online provider accounts that allowed him and his co-conspirators to deploy LockBit ransomware and to communicate with their victims,” said the DoJ in a press release. “Additionally, in at least one circumstance, law enforcement was able to trace a portion of a victim’s ransom payment to a virtual currency address in Astamirov’s control.”

If found guilty, the suspect could face severe penalties, including up to 20 years in prison for the wire fraud charge and another five for allegedly damaging protected computers. The charges also stipulate potential fines up to $250,000 or double the monetary gains or losses from his alleged offenses, depending on which amount is greater.

Astamirov’s not the first arrest in connection with the LockBit ransomware operation. In the past seven months, he is the third accused LockBit ransomware affiliate apprehended by the DOJ, demonstrating the escalating efforts of US law enforcement to combat such cybercrimes.

In November 2022, Mikhail Vasiliev, a man with dual Canadian and Russian nationality, was arrested for alleged ties to the LockBit ransomware group. In May 2023, Mikhail Pavlovich Matveev, also known as Wazawaka, Boriselcin and Uhodiransomwar, was indicted for allegedly participating in separate conspiracies to deploy LockBit, Hive and Babuk ransomware variants on devices in the US and abroad.

Recent data published by US and international cybersecurity authorities highlight the extent of the LockBit ransomware gang's criminal activities. The criminal group has reportedly extorted roughly $91 million from US organizations through approximately 1,700 attacks since 2020.

As these cyber threats continue to escalate, the arrest of Astamirov offers a glimpse of hope in the ongoing struggle against ransomware. However, the impact on the LockBit ransomware gang’s operations remains to be seen.