Image: Wesley Tingey via Unsplash

Two LockBit affiliates from Russia plead guilty in US court

Two Russian nationals pleaded guilty on Thursday to participating in the infamous LockBit hacker group and using its ransomware to extort money from victims around the world.

A 21-year-old Russian citizen, Ruslan Astamirov, and a 34-year-old Canadian-Russian, Mikhail Vasiliev, could face a maximum penalty of 25 and 45 years in prison, respectively. A sentencing date has not yet been set, the U.S. Department of Justice said in a statement.

Between 2020 and 2023, Astamirov deployed LockBit against at least 12 victims — including businesses in Virginia, Japan, France, Scotland, and Kenya — extorting $1.9 million, according to court documents. He operated under the online aliases “BETTERPAY,” “offtitan,” and “Eastfarmer.”

As part of his plea agreement, Astamirov agreed to forfeit, among other assets, $350,000 in seized cryptocurrency that he extorted from one of his LockBit victims. Astamirov was first charged and arrested in June 2023.

Vasiliev, who operated under the online aliases “Ghostrider,” “Free,” and “Newwave110,” deployed LockBit against at least 12 victims between 2021 and 2023, including businesses in New Jersey, Michigan, the U.K., and Switzerland.

Through these attacks, Vasiliev caused at least $500,000 in damage and losses to his victims. He was first charged and arrested in Canada by authorities in November 2022.

In March, Vasiliev was sentenced to four years in prison after pleading guilty to eight charges in a Canadian court. During the last hearing in Canada, Justice Michelle Fuerst called Vasiliev a “cyber terrorist” who was “motivated by his own greed.” He was extradited to the U.S. following his sentencing in Canada.

“Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc and pocketing massive ransom payments from their victims, without consequence,” said U.S. Attorney Philip Sellinger. “They were wrong.”

Vasiliev and Astamirov are the only two LockBit suspects known, by name, to be in law enforcement custody.

Earlier in February, an international law enforcement operation brought down LockBit’s infrastructure and identified hundreds of affiliates involved in the group. The U.S. Justice Department has already unsealed indictments of Russian nationals Artur Sungatov and Ivan Kondratiev — an infamous hacker also known as Bassterlord.

LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national named Dmitry Khoroshev earlier in May. The U.S., U.K., and Australia imposed financial sanctions against him as part of the unveiling.

LockBit was the most prolific ransomware operation in the world before its takedown, launching thousands of attacks against governments, businesses, and organizations in dozens of countries. The gang offered its ransomware as a service, providing its platform to customers for a fee since 2019. 

According to the DOJ, LockBit attacked more than 2,500 victims in at least 120 countries, including 1,800 victims in the U.S. LockBit’s members extorted approximately $500 million in ransom payments from their victims and caused billions of dollars in additional losses, including costs like lost revenue and incident recovery.

Despite the recent takedown, the group has been able to revive itself and continue launching attacks. This week the gang took credit for an attack on a county government in Indiana that forced local officials to file a disaster declaration due to the impact. It has also attacked the largest hospital in Croatia, government systems in Indonesia and more.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.