Russian national arrested in US for deploying LockBit ransomware

A 20-year-old Russian national was arrested and charged by U.S. law enforcement for allegedly targeting victims around the world with the notorious LockBit ransomware.

According to a criminal complaint released Thursday, Ruslan Astamirov from Chechnya was involved in LockBit operations from at least August 2020 to March 2023 and executed at least five attacks against victims in the U.S., Asia, Europe, and Africa.

In at least one instance, law enforcement managed to track a portion of a victim's ransom payment to Astamirov's virtual currency address. He will make his initial appearance in court later on Thursday.

This is the second arrest of a Russian national affiliated with the LockBit ransomware in the last six months. Mikhail Vasiliev was arrested in Canada last November and is now awaiting extradition to the U.S.

Earlier this May, the Justice Department also announced the indictment of Mikhail Matveev, for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware variants.

If found guilty, Astamirov faces up to 20 years in prison and a maximum fine of either $250,000, or double the financial gain or loss from the crime, whichever is higher.

“We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide,” said Deputy Attorney General Lisa O. Monaco.

What is LockBit?

The LockBit ransomware variant first appeared around January 2020 and is believed to have links to Russia.

LockBit operators have executed over 1,400 attacks against victims in the U.S. and around the world, issuing over $100 million in ransom demands and receiving at least tens of millions of dollars in actual ransom payments made in the form of bitcoin, according to the criminal complaint.

Cybersecurity agencies around the world issued a statement this week saying that the LockBit gang is one of the biggest cybersecurity threats that governments and other organizations face.

The group accounted for 16% of attacks on U.S. public entities in 2022, including on municipal and county governments, public higher education and K-12 schools, as well as on emergency services like law enforcement agencies.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.