The US arrests a Russian citizen in connection with the LockBit.

The U.S. Department of Justice (DoJ) has just announced charges against a Russian citizen related to the deployment of the LockBit ransomware to targets in the U.S., Asia, Europe, and Africa.

According to TheHackerNews , Ruslan Magomedovich Astamirov (20 years old) is accused of carrying out at least five attacks between August 2020 and March 2023.

The DoJ stated that Astamirov is accused of participating with other members in the LockBit ransomware campaign to commit fraud, intentionally damaging protected computers, and making ransom demands through the use and deployment of ransomware.

This hacker managed multiple email addresses, IP addresses, and other online accounts to deploy ransomware and communicate with victims as part of operations related to the LockBit malware. US law enforcement said they were able to track a portion of a ransom payment from an unnamed victim to a digital wallet managed by Astamirov.

If convicted, Astamirov faces a maximum sentence of 20 years in prison for the first charge and 5 years for the second. He is the third individual to be prosecuted in the US in connection with LockBit. Previously, Mikhail Vasiliev, who is awaiting extradition, and Mikhail Pavlovich Matveev, who was indicted in absentia last month for their involvement in the LockBit ransomware, Babuk, and Hive, were also charged.

In a recent interview with The Record , Matveev said he was not surprised by the FBI's decision to place him on its most wanted online list. He predicted that news about him would soon fade into oblivion. Matveev also acknowledged his role as a branch of the Hive operation and expressed his desire to take IT in Russia to a new level.

The DoJ's announcement came a day after cybersecurity agencies from Australia, Canada, France, Germany, New Zealand, the United Kingdom, and the United States issued a joint warning about the LockBit ransomware.

This is a ransomware that operates on a service-as-a-service (RaaS) model, where the core group recruits affiliates to carry out attacks on company networks on their behalf, in exchange for a share of the illicit proceeds. The affiliates typically encrypt victims' data, then threaten to post the stolen data on vulnerable websites to pressure targets into paying a ransom.

LockBit is estimated to have carried out nearly 1,700 attacks since its emergence in late 2019, although the exact number is believed to be higher because data-leaking websites often only reveal the names and leaked data of victims who refuse to pay the ransom.