{"id":165941,"date":"2024-07-20T04:43:44","date_gmt":"2024-07-20T04:43:44","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=165941"},"modified":"2024-07-20T04:43:46","modified_gmt":"2024-07-20T04:43:46","slug":"lockbit-ransomware-group-members-plead-guilty","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/165941\/cyber-crime\/lockbit-ransomware-group-members-plead-guilty.html","title":{"rendered":"Russian nationals plead guilty to participating in the LockBit ransomware group"},"content":{"rendered":"
<\/div>\n

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide.<\/h2>\n\n\n\n

Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware<\/a> operation. The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S.. The group targeted individuals, businesses, hospitals, schools, and government agencies. The group extracted approximately $500 million in ransom payments, causing billions in broader losses.
<\/gwmw><\/gwmw><\/p>\n\n\n\n

“LockBit\u2019s \u201caffiliate\u201d members, including Vasiliev and Astamirov, would first identity and unlawfully access vulnerable computer systems. They would then deploy LockBit ransomware on victim computer systems and both steal and encrypt stored data. After a successful LockBit attack, LockBit\u2019s affiliate members would then demand a ransom from their victims in exchange for decrypting the victims\u2019 data and deleting stolen data.” reads the press release<\/strong><\/a> published by DoJ. “When victims did not pay the demanded ransoms, LockBit\u2019s affiliates would then leave the victim\u2019s data permanently encrypted and publish the stolen data, including highly sensitive information, on a publicly accessible Internet site under LockBit\u2019s control.<\/gwmw>“<\/em><\/p>\n\n\n\n

Between 2020 and 2023, the duo targeted organizations worldwide. Astamirov, using aliases like \u201cBETTERPAY,\u201d extorted $1.9 million from 12 victims and agreed to forfeit $350,000 in seized cryptocurrency. Vasiliev, using aliases such as \u201cGhostrider,\u201d caused $500,000 in damages to 12 victims, including schools and businesses. Both pleaded guilty to multiple charges, with Astamirov facing up to 25 years in prison and Vasiliev up to 45 years. Sentencing dates are yet to be set.<\/p>\n\n\n\n

“Astamirov pleaded guilty to a two-count information charging him with conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud. He faces a maximum penalty of 25 years in prison. Vasiliev pleaded guilty to a four-count information charging him with conspiracy to commit computer fraud and abuse, intentional damage to a protected computer, transmission of a threat in relation to damaging a protected computer, and conspiracy to commit wire fraud. He faces a maximum penalty of 45 years in prison. A sentencing date has not yet been set.” concludes the press release.<\/em><\/p>\n\n\n\n

In May 2024, the FBI, UK National Crime Agency, and Europol unmasked<\/strong><\/a>\u00a0the identity of the admin\u00a0of the\u00a0LockBit<\/a>\u00a0ransomware operation, aka \u2018LockBitSupp\u2019 and \u2018putinkrab\u2019 , and issued sanctions against him. It was the first time that the admin of the notorious group was identified by law enforcement.<\/p>\n\n\n\n

The man is a Russian national named Dmitry Yuryevich Khoroshev (31) of Voronezh, Russia.<\/p>\n\n\n\n

In May 2023, the US Justice Department\u00a0charged<\/a>\u00a0<\/strong>Russian national Mikhail Pavlovich Matveev (30), aka Wazawaka, m1x, Boriselcin, and Uhodiransomwar, for his alleged role in multiple ransomware attacks.<\/p>\n\n\n\n

The DoJ unsealed two indictments charging the man with using three different ransomware families in attacks aimed at numerous victims throughout the United States. The attacks hit law enforcement agencies in Washington, D.C. and New Jersey, as well as organizations in the healthcare and other sectors nationwide.<\/gwmw><\/p>\n\n\n\n

On or about June 25, 2020, Matveev and his LockBit coconspirators targeted a law enforcement agency in Passaic County, New Jersey. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. On April 26, 2021, Matveev and his Babuk coconspirators hit the\u00a0Metropolitan Police Department<\/a>\u00a0in Washington, D.C.<\/gwmw><\/p>\n\n\n\n

The Russian citizen was charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, the man could face a sentence of over 20 years in prison.\u00a0<\/p>\n\n\n\n

The man is suspected to be living in Russia and is operating from that country. Clearly, due to the ongoing geopolitical crisis, it\u2019s unlikely that Russia will capture the man to extradite him to the United States.\u00a0<\/p>\n\n\n\n

The US government also charged in the past other LockBit members,\u00a0including Artur Sungatov<\/a> and\u00a0Ivan Kondratyev<\/a>\u00a0(Bassterlord).<\/gwmw><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0ransomware)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. Two foreign nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in Newark federal court for their roles in the LockBit ransomware operation. The LockBit ransomware operation has been active since January 2020, the group hit […]<\/p>\n","protected":false},"author":1,"featured_media":164879,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,3,5,7],"tags":[88,4112,9508,9506,10918,11454,30,687,841,1533],"class_list":["post-165941","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-cyber-crime","category-hacking","category-malware","tag-cybercrime","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-lockbit-ransomware","tag-malware-2","tag-pierluigi-paganini","tag-security-affairs","tag-security-news"],"yoast_head":"\n杭州江阴科强工业胶带有限公司