Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

The downfall of Lockbit ransomware affiliates

The downfall of Lockbit ransomware affiliates

Two prominent affiliates of the LockBit ransomware operation have confessed to their roles in perpetrating widespread cyberattacks, facing severe consequences that could see them behind bars for decades. 

 

What happened

Ruslan Magomedovich Astamirov, a 21-year-old Russian national from the Chechen Republic, and Mikhail Vasiliev, a 34-year-old dual citizen of Canada and Russia hailing from Bradford, Ontario, have pleaded guilty to charges related to their involvement in the LockBit ransomware-as-a-service (RaaS) scheme.

Astamirov and Vasiliev were instrumental in identifying and unlawfully accessing computer systems of numerous victims worldwide, including individuals, small businesses, multinational corporations, hospitals, schools, non-profits, critical infrastructure providers, and government entities. Once inside these networks, they exfiltrated sensitive data and deployed the potent LockBit ransomware, demanding substantial ransom payments in exchange for decryption keys and the deletion of stolen information.

Failure to comply with these extortionate demands resulted in victims' files remaining encrypted and inaccessible, while the pilfered data was uploaded to LockBit's notorious data leak site, where it could be accessed and downloaded by anyone with nefarious intentions.

 

Going deeper

The LockBit ransomware operation emerged in 2020 and swiftly became the most prolific ransomware group globally. Its attacks have impacted over 2,500 victims, including 1,800 entities within the United States alone, and it has amassed $500 million in ransom payments.

In a major blow to the group's operations, an international law enforcement initiative dubbed "Operation Chronos" in February 2024 seized LockBit's infrastructure, including data leak sites, servers, approximately 14,000 accounts involved in data exfiltration, and around 200 cryptocurrency accounts used by the group and its affiliates. While this disruption temporarily slowed LockBit's activities, the group managed to adapt and continue operating, albeit at a reduced capacity.

 

What was said

In a statement, U.S. Attorney Philip R. Sellinger for the District of New Jersey stressed the severity of their actions, stating, "Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc and pocketing massive ransom payments from their victims, without consequence. They were wrong. We, in New Jersey, along with our domestic and international law enforcement partners will do everything in our power to hold LockBit's members and other cybercriminals accountable, disrupt and dismantle their operations, and put a spotlight on them as wanted criminals—no matter where they hide."

 

Why it matters

The LockBit ransomware operation has proven to be a formidable threat, inflicting substantial financial and operational damage on countless organizations across the globe. The guilty pleas and impending lengthy prison sentences for Astamirov and Vasiliev represent a victory in the ongoing battle against cybercrime and serve as a stern warning to other individuals involved in such activities.

 

FAQs

What is LockBit ransomware? 

LockBit is a highly prolific ransomware-as-a-service (RaaS) operation that emerged in 2020. It has been responsible for numerous cyberattacks on individuals, businesses, and organizations worldwide, encrypting their data and demanding substantial ransom payments in exchange for decryption keys and the deletion of stolen information.

 

What charges did Astamirov and Vasiliev plead guilty to? 

Astamirov pleaded guilty to two charges: conspiracy to commit computer fraud and abuse, and conspiracy to commit wire fraud. Vasiliev, on the other hand, pleaded guilty to four charges: conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud.

 

What are the potential sentences Astamirov and Vasiliev face? 

Astamirov faces a maximum sentence of up to 25 years in prison, while Vasiliev could receive a sentence of up to 45 years behind bars.

 

Who is Dmitry Yuryevich Khoroshev, and what is his involvement in the LockBit operation? 

Dmitry Yuryevich Khoroshev, also known as LockBitSupp, is a Russian national alleged to be the leader and administrator of the LockBit ransomware operation since September 2019. He is believed to have been responsible for recruiting affiliates and maintaining the group's infrastructure. Khoroshev has been indicted and charged by the District of New Jersey, and a $10 million reward has been offered for information leading to his arrest.

 

 

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.