Two More Russian Nationals Get Decades in Prison over LockBit Ransomware Involvement

Two Russian nationals have pleaded guilty to participating in the LockBit ransomware operation, deploying attacks against victims across the globe and inflicting damages of up to $2 million.

Ruslan Magomedovich Astamirov 21, a Russian national, and Mikhail Vasiliev, 34, a dual Canadian and Russian national, deployed LockBit ransomware against two dozen victims in the US, Japan, France, Scotland, Kenya, the UK and Switzerland.

Operating under various online aliases between 2020 and 2023, the duo extracted a combined $1.95 million in ransom payments from victims, while inflicting millions more in financial damages, according to the US Department of Justice.

Decades in prison

Astamirov pleaded guilty to conspiracy to commit computer fraud and abuse, and conspiracy to commit wire fraud and faces a maximum penalty of 25 years. Vasiliev pleaded guilty to conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud. He faces up to 45 years in prison.

Vasiliev was first charged and arrested by Canadian authorities in November 2022, and later extradited to the United States to face trial.

A sentencing date has not yet been set.

The guilty pleas follow the partial disruption of LockBit’s operations in February by the UK National Crime Agency’s (NCA) Cyber Division, which worked in cooperation with the Justice Department, the FBI, and other international law enforcement partners. The pleas also follow charges brought against other members of the LockBit crew, including its alleged creator, developer and administrator, Dmitry Yuryevich Khoroshev.

Billions in losses

LockBit emerged in January 2020 and rapidly grew into one of the most active and destructive ransomware groups in the world. The operation is said to be responsible for attacks on over 2,500 victims in at least 120 countries, including 1,800 in the United States.

Victims ranged from individuals and small businesses to multinational corporations, and included hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies, according to the DOJ.

The four-year operation – still alive and kicking despite takedowns by law enforcement – has so far extracted some $500 million in ransom payments from its victims, and caused billions of dollars in broader losses.

While most ransomware attacks of LockBit’s scale are highly targeted, regular consumers also run the risk of a ransomware infection from tainted links and unvetted software downloads. Bitdefender strongly recommends consumers stay vigilant and always run a trusted security solution on their personal devices to limit the risk of a ransomware infection.