Russian National Charged for Alleged Ransomware Extortion From US, Foreign Businesses

A man types on a computer keyboard on Feb. 28, 2013. (Kacper Pempel/Reuters)
Katabella Roberts
6/16/2023
Updated: 6/16/2023

A Russian hacker has been arrested and charged for allegedly deploying malicious software to dozens of computers and launching cyberattacks against multiple businesses in the United States and abroad.

Ruslan Magomedovich Astamirov, 20, of the Russian-controlled Chechen Republic, was arrested and charged in Arizona on June 15 with conspiring to commit wire fraud and conspiring to intentionally damage protected computers and to transmit ransom demands, according to the Department of Justice.

If convicted, he faces up to 20 years behind bars on the first charge and a maximum penalty of five years on the second charge.

Both charges are also punishable by a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest.

According to prosecutors, between August 2020 and March 2023, Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign—a Russian-linked ransomware group—to commit wire fraud, intentionally damage protected computers, and make financial demands via the deployment of ransomware.

Ransomware is a type of malware used by cyber criminals to encrypt data stored on victims’ computers, rendering it inaccessible and unusable by the victim. The criminals typically then transfer the data to another computer and demand a ransom payment from the victim in return for removing the encryption or not publishing the data online.

LockBit Group

LockBit ransomware attacks first began around January 2020, according to the DOJ, and members of the group have already conducted more than 1,400 attacks against victims, demanded more than $100 million in ransom, and received tens of millions of dollars in payments.

According to the Department of Homeland Security, LockBit-powered attacks made up 16 percent of ransomware attacks against state and local governments in 2022, including incidents impacting municipal governments, county governments, public higher education and K–12 schools, and emergency services.

Most recently, the LockBit ransomware group was reportedly behind the cyberattack on Managed Care of North America (MCNA)—one of the largest dental health insurers in the United States—which saw the personal information of nearly 9 million individuals compromised.

The group stated that it published all of the files it extracted from MCNA—amounting to 700 GB of data—after the company refused to pay a $10 million ransom demand.

Astamirov himself directly executed at least five computer attacks against businesses in Florida and Virginia, as well as businesses based in France, Japan, and Kenya, according to a complaint.

Four of those five attacks were LockBit attacks, prosecutors said, with at least one of the victims coughing up $700,000 in an attempt to prevent their personal data from being publicly shared online.

3rd LockBit Arrest

Another victim refused to pay, and Astamirov subsequently uploaded the company’s data to LockBit’s public server, according to the complaint.

Astamirov’s arrest marks the second LockBit-related arrest by U.S. authorities in six months and the third in total. In November 2022, Mikhail Vasiliev, a dual Russian and Canadian national, was arrested and charged with conspiracy to intentionally damage protected computers and to transmit ransom demands.

Vasiliev is currently in custody in Canada awaiting extradition to the United States.

In May 2023, Russian national Mikhail Pavlovich Matveev was charged with multiple federal crimes after prosecutors accused him of conspiracies to deploy LockBit, Babuk, and Hive ransomware variants against victims in the United States and abroad.

“This LockBit-related arrest, the second in six months, underscores the Justice Department’s unwavering commitment to hold ransomware actors accountable,” said Deputy Attorney General Lisa O. Monaco in a statement.

“In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide,” Monaco said.

The Epoch Times has contacted an attorney for Astamirov for comment.