Russian ransomware hacker extorted millions from U.S. businesses, prosecutors say

Key Points
  • A Chechen-born hacker was arrested by federal law enforcement and charged with violating federal law on ransom demands and wire fraud.
  • Ruslan Astamirov allegedly used the LockBit ransomware as a service to target five U.S. and international businesses.
  • He's the third Russia-linked individual to be charged by federal prosecutors for involvement in the LockBit ransomware.
Kacper Pempel | Reuters

A 20-year-old Russian hacker was part of a campaign that worked to extort tens of millions of dollars from more than 1,400 victims, federal prosecutors said Thursday.

Ruslan Astamirov, a citizen of the Russian-controlled Chechen Republic, was arrested by federal law enforcement at an unspecified date and faces charges of conspiracy to commit wire fraud and ransoming, New Jersey federal prosecutors said.

Astamirov allegedly deployed ransomware called LockBit to steal sensitive data from the servers of businesses, then lock those systems and demand payment of hundreds of thousands of dollars. If the victims didn't pay, Astarimov allegedly threatened to release the data.

Department of Justice prosecutors allege Astamirov was directly responsible for five different attacks against U.S. businesses in Florida and Virginia, as well as international businesses based in France, Japan and Kenya.

At least one of the victims paid $700,000, the complaint says. Another victim refused to pay, and Astamirov uploaded its data to LockBit's public server, according to the complaint.

LockBit-powered attacks account for 16% of ransomware attacks against state and local governments, according to the Department of Homeland Security.

"In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide," Deputy Attorney General Lisa Monaco said.

LockBit was first identified in January 2020 on Russian-language cybercrime forums. It's part of a class of hacking methods and technologies dubbed ransomware as a service (RaaS).

In RaaS, a technical team of developers exploits and maintains software to penetrate corporate or individual computers, then end users buy the software and deploy it against corporate networks. The end users pay either a fee or a percentage of their profits to the technical group behind LockBit.

Astamirov will face a federal judge Thursday, prosecutors said in a release announcing his arrest. He's the third Russia-linked individual to be charged with crimes related to using LockBit.

His arrest comes as cybersecurity matters grow in size and importance. NBC News reported Thursday on a widespread cyberattack that has affected "several" federal agencies. CNBC previously reported on how a China-backed cyber group compromised U.S. Navy systems, according to Navy Secretary Carlos Del Toro.