Two members of the infamous LockBit gang pleaded guilty in court in the United States over their roles in deploying ransomware against organizations in the US and worldwide.
Offered under the ransomware-as-a-service (RaaS) business model, LockBit has been around since September 2019 and was the target of a law enforcement takedown operation in February 2024.
The group resumed operations shortly after the disruption and even became the most active ransomware gang in terms of attack volume in May.
Since its inception, the LockBit operation has hit over 2,500 victims in more than 120 countries worldwide, including 1,800 in the US. Targets include critical infrastructure, government organizations, hospitals, schools, and nonprofits.
In early May, the US announced charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, also known as LockBitSupp, LockBit, and putinkrab, allegedly the mastermind behind the RaaS.
The US is offering a reward of $10 million for information on Khoroshev, who is estimated to have made over $100 million from the LockBit operation.
Last week, the US announced that Ruslan Magomedovich Astamirov (Астамиров, Руслан Магомедовичь), 21, a Russian national of Chechen Republic, Russia, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario, pleaded guilty for their roles in the operation.
Vasiliev – who was also sentenced to prison in Canada – and Astamirov, along with other LockBit affiliates, identified and compromised vulnerable systems, stole victims’ data, and deployed LockBit to encrypt the data.
The LockBit group would then extort its victims, demanding a ransom in exchange for the decryption keys and the stolen information, and threatening to release the data publicly.
“LockBit’s members extracted at least approximately $500 million in ransom payments from their victims and caused billions of dollars in broader losses, including costs like lost revenue and incident response and recovery,” the US says.
According to court documents, Astamirov, also known as Betterpay, offtitan, and Eastfarmer deployed LockBit against at least 12 victims and derived more than $1.9 million in ransom payments from them. He was arrested and charged in June 2023.
Vasiliev, also known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, deployed LockBit against at least 12 victims, causing more than $500,000 in damage and losses.
Astamirov faces up to 25 years in prison, while Vasiliev could be sentenced to up to 45 years in prison.
Related: Ukrainian Sentenced to Prison in US for Role in Zeus, IcedID Malware Operations
Related: Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing
Related: Nigerian Faces Prison in US After BEC Fraud Conviction
Related: Extradited Russian Hacker Behind ‘NLBrute’ Malware Pleads Guilty
