Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group
Ruslan Magomedovich Astamirov and Mikhail Vasiliev Admit to Deploying LockBit Attacks
NEWARK, N.J. – Two foreign nationals have pleaded guilty in Newark federal court to participating in the LockBit ransomware group, one of the most prolific ransomware variants globally, and deploying LockBit attacks against victims in the United States and worldwide. U.S. Attorney Philip R. Sellinger announced today that Ruslan Magomedovich Astamirov and Mikhail Vasiliev have admitted their involvement in the ransomware scheme.
Details of the Guilty Pleas
Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 21, a Russian national from the Chechen Republic, Russia:
- Pleaded guilty to conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud.
- Faces a maximum penalty of 25 years in prison.
- Engaged in LockBit activities between 2020 and 2023, deploying ransomware against at least 12 victims, including businesses in Virginia, Japan, France, Scotland, and Kenya.
- Collected approximately $1.9 million in ransom payments.
- Agreed to forfeit $350,000 in seized cryptocurrency.
Mikhail Vasiliev, 34, a dual Canadian and Russian national from Bradford, Ontario:
- Pleaded guilty to conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud.
- Faces a maximum penalty of 45 years in prison.
- Deployed LockBit ransomware between 2021 and 2023 against at least 12 victims, including businesses in New Jersey, Michigan, the United Kingdom, and Switzerland, as well as educational institutions.
- Caused at least $500,000 in damage and losses.
- Arrested in Canada in November 2022 and extradited to the United States in June 2023.
“Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc and pocketing massive ransom payments from their victims, without consequence. They were wrong,” said U.S. Attorney Philip R. Sellinger.
Background on LockBit Ransomware Group
LockBit ransomware first appeared in January 2020 and grew into one of the most active and destructive ransomware groups in the world. LockBit members attacked over 2,500 victims in at least 120 countries, including 1,800 in the United States. Victims included individuals, small businesses, multinational corporations, hospitals, schools, nonprofits, critical infrastructure, and government agencies. LockBit extracted approximately $500 million in ransom payments, causing billions of dollars in broader losses.
LockBit affiliates, including Astamirov and Vasiliev, identified and accessed vulnerable computer systems, deployed ransomware, and demanded ransoms for decrypting data and deleting stolen information. Failure to pay resulted in the permanent encryption of data and the publication of stolen information on a public website.
“The defendants committed ransomware attacks against victims in the United States and around the world through LockBit, which was one of the most destructive ransomware groups in the world,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division.
Law Enforcement and Investigation
Today's guilty pleas follow a disruption of LockBit ransomware by the U.K. National Crime Agency’s Cyber Division in February, in cooperation with the Justice Department, FBI, and other international law enforcement partners. Authorities seized public-facing websites and servers used by LockBit, significantly diminishing the group's ability to attack further victims.
Several other LockBit members have been charged in the District of New Jersey, including:
- Dmitry Yuryevich Khoroshev: Alleged creator, developer, and administrator of LockBit, charged in May.
- Artur Sungatov and Ivan Kondratyev: Charged in February for deploying LockBit against numerous U.S. and international victims.
- Mikhail Matveev: Charged in May 2023 for using various ransomware variants, including LockBit, to attack numerous U.S. victims.
The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program offers rewards for information leading to the arrest and/or conviction of key LockBit members, including up to $10 million for Khoroshev and Matveev.
“It's a common misconception that cyber hackers won't get caught by law enforcement because they're smarter and savvier than we are,” FBI – Newark Special Agent in Charge James E. Dennehy said. “Two members of the LockBit affiliate pleading guilty to their crimes in U.S. federal court illustrate we can stop them and bring them to justice. These malicious actors believe they can operate with impunity – and don’t fear getting caught because they sit in a country where they feel safe and protected. FBI Newark and our law enforcement partners around the globe have the technology and intelligence to go after these criminals – regardless of where they hide.”
Victim Assistance
LockBit victims are encouraged to contact the FBI and submit information at https://lockbitvictims.ic3.gov/. Law enforcement has developed decryption capabilities that may enable victims to restore systems encrypted by LockBit. Victims can also visit https://www.justice.gov/usao-nj/lockbit for case updates and information on their rights under U.S. law, including submitting victim impact statements and requesting restitution.
Astamirov and Vasiliev are scheduled to be sentenced on January 8, 2025. The government is represented by Assistant U.S. Attorneys Ray A. Mateo and Aaron L. Webman of the Opioid Abuse Prevention and Enforcement Unit in Newark.