June 16 (UPI) — U.S. federal prosecutors have arrested and charged a 20-year-old Russian hacker with being part of a conspiracy that targeted more than 1,000 victims with ransomware attacks that netted tens of millions of dollars in payments.
Ruslan Magomedovich Astamirov of Chechen Republic made his initial court appearance Thursday after being charged with conspiring to commit wire fraud and conspiring to intentionally damage protected computers to transmit ransom demands, the Justice Department said in a release.
He is accused of being involved in the LockBit ransomware scheme from August 2020 through March, during which he allegedly executed at least five cyberattacks against victim computer systems worldwide.
The criminal complaint identifies his victims as businesses based in Virginia and Florida’s West Palm Beach, as well as in France, Kenya and Tokyo, Japan.
“This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomeware actors accountable,” Deputy Attorney General Lisa Monaco said in a statement. “In securing the arrest of a second Russian national affiliated with the LockBit ransomeware, the department has once again demonstrated the long arm of the law.”
LockBit is ransomware, which is malicious software that encrypts files on a device, rendering then unusable. Those behind the malware then demand a ransom in exchange for decryption, according to the Cybersecurity and Infrastructure Security Agency.
According to the criminal complaint, LockBit first appeared around January 2020. CISA states that last year, it was the “most deployed ransomware variant across the world” and malicious actors have used it to target critical infrastructure sectors from financial services to transportation.
LockBit accounted for 16% of all U.S. government ransom incidents last year.
The FBI states it accounted for about 1,700 attacks in the United States since 2020, earning the malicious actors some $91 million.
The scheme also functions on what is called a ransomware-as-a-service model, meaning developers recruit affiliates to conduct the attacks and they split the proceeds, with developers earning 20% and affiliates retaining 80%.
Prosecutors accuse Astamirov of earning $700,000 at the affiliate rate for an attack targeting the Kenya-based business in March. If convicted, Astamirov faces up to 20 years’ imprisonment on the conspiring to commit wire fraud charge and five years for the other.
Federal prosecutors have previously charged two others in LockBit-related cases: Mikhail Vasiliev of Bradford, Ontario, Canada, was charged in November and Mihail Pavlovich of Russia was charged on May 16.
“Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended,” said U.S. Attorney Philip Sellinger for the District of New Jersey said in a statement.
“The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity. We will continue to work tirelessly with all our law enforcement partners to identify ransomware perpetrators and bring them to justice.”