2 Russian Citizens Involved in Global Ransomware Cyber Attack
Morrissey Technology – Two Russian citizens admitted to being involved in a number of LockBit ransomware attacks targeting victims in a number of countries. According to a Department of Justice press release, Russian citizen Ruslan Magomedovich Astamirov and Canadian/Russian citizen Mikhail Vasiliev are affiliates of LockBit’s ransomware-as-a-service operation. LockBit affiliates such as Vasiliev and Astamirov would identify and breach vulnerable systems on victims’ networks, steal sensitive stored data, and help deploy ransomware payloads to encrypt files.
Next, they will demand a ransom from the victims in exchange for deleting and not leaking the stolen data online and decrypting the victim’s data. If victims do not pay the ransom, LockBit will leave their data permanently encrypted and publish the stolen files, including highly sensitive information, on the gang’s dark web leak sites. According to court documents, Astamirov (aka BETTERPAY, offtitan, and Eastfarmer) used LockBit between 2020 and 2023 against at least a dozen victims, including businesses in Virginia, Japan, France, Scotland, and Kenya. He collected at least US$1.9 million (equivalent to Rp. 30.8 billion) in ransom money from the cyber attack.
Meanwhile, Vasiliev (aka Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110) also used LockBit ransomware in at least 12 attacks against victims around the world, including businesses in New Jersey, Michigan, England, and Switzerland between the years 2021 to 2023. The attack caused damage and losses of at least US$500,000. Astamirov was arrested in Arizona in June 2023 and charged with spreading LockBit ransomware. Vasiliev, who was extradited to the United States in June, has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. According to Bleeping Computer, Astamirov faces a maximum sentence of 25 years in prison, while Vasiliev faces a maximum sentence of 45 years in prison. Until now there is no information on the timetable for the verdict for the two Russian cybercriminals.
LockBit’s lunge
LockBit 3.0 is an organized crime ransomware that is motivated by financial gain. It is known that they used Multi-Extortion tactics, to manage and disclose data to the public as well as coordinating the sale of victim data. Palo Alto Networks, a cybersecurity company, also stated that the Lockbit 3.0 ransomware group was the most dominant globally and in Asia Pacific for this ransomware mode. They accounted for 928 leak site posts or 23 percent of all global attacks.
In February, this ransomware group was busted by law enforcement through ‘Operation Kronos’ involving 10 countries, including the US and UK. The result, for example, was that two Russian citizens were arrested in the US. Apart from that, control of the Lockbit website was taken over. LockBit emerged in September 2019 as ABCD and has since claimed and been linked to attacks on many well-known companies and organizations, including Boeing, automotive giant Continental, ank of America, Italy’s Internal Revenue Service, and Britain’s Royal Mail.
In February 2024, law enforcement conducted Operation Cronos, crippling LockBit’s infrastructure and seizing 34 servers. These servers contain over 2,500 decryption keys that are used to create the free LockBit 3.0 Black Ransomware decryptor. The US Department of Justice and the UK’s National Crime Agency estimate that the gang extorted between $500 million and $1 billion after carrying out at least 7,000 attacks between June 2022 and February 2024. The LockBit 3.0 group was also recently mentioned in the case of hacking the Temporary National Data Center (PDNS) 2 in Surabaya using ransomware mode.