Two foreign nationals from the notorious international ransomware group LockBit pleaded guilty in the in Newark federal court for participating in the group and deploying attacks against victims in the United States and worldwide.
Ruslan Magomedovich Astamirov, 21, a Russian national, and Mikhail Vasiliev, 34, a dual Canadian-Russian citizen, admitted to involvement in these activities.
Between 2020 and 2024, the LockBit group had attacked over 2,500 victims in at least 120 countries, with 1,800 of those in the United States, extorting hundreds of millions of dollars in the form of ransom payments.
Scope of LockBit’s Operations
The guilty pleas follow a recent disruption of LockBit ransomware in February, in which the UK National Crime Agency’s Cyber Division, working with the Justice Department, FBI, and other international law enforcement partners, seized public-facing websites and control of servers used by LockBit administrators, disrupting the group’s ability to attack and encrypt networks. The disruption diminished LockBit’s reputation and ability to attack further victims.
The case also involves charges brought against other LockBit members, including its alleged creator, developer, and administrator, Dmitry Yuryevich Khoroshev, who is currently the subject of a reward of up to $10 million through the U.S. Department of State’s Transnational Organized Crime Rewards Program. Khoroshev is accused of recruiting new affiliate members, acting as the representative for the group, and developing and maintaining the infrastructure used by affiliates to deploy LockBit attacks.
U.S. Attorney Philip R. Sellinger emphasized the commitment to holding cybercriminals accountable, stating:
“Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc and pocketing massive ransom payments from their victims, without consequence. They were wrong. We, in New Jersey, along with our domestic and international law enforcement partners will do everything in our power to hold LockBit’s members and other cybercriminals accountable, disrupt and dismantle their operations, and put a spotlight on them as wanted criminals – no matter where they hide.”
Impact of the Guilty LockBit Pleas
Astamirov, who operated under aliases such as “BETTERPAY” and “Eastfarmer,” deployed LockBit against at least 12 victims between 2020 and 2023, extorting approximately $1.9 million in ransom payments. He agreed to forfeit $350,000 in seized cryptocurrency as part of his plea agreement.
Vasiliev, who was known online as “Ghostrider” and “Free,” among other aliases, targeted at least 12 victims between 2021 and 2023, causing at least $500,000 in damages and losses.
These guilty pleas follow a recent disruption of LockBit’s infrastructure by international law enforcement agencies in February. The operation significantly diminished the group’s ability to attack further victims and damaged its reputation.
LockBit Victim Assistance
LockBit victims are encouraged to contact the FBI and submit information at https://lockbitvictims.ic3.gov. Law enforcement has developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant.
Victims are also encouraged to visit https://www.justice.gov/usao-nj/lockbit for case updates and information regarding their rights under U.S. law, including the right to submit victim impact statements and request restitution.