{
	"id": "0bce77cb-54e2-4b7e-b1b6-46c6a5db6a1b",
	"created_at": "2026-04-06T00:07:31.860126Z",
	"updated_at": "2026-04-10T03:20:53.785881Z",
	"deleted_at": null,
	"sha1_hash": "5aaced2752d4a8a4837590c2c52ba0e36dc2ad40",
	"title": "Two Foreign Nationals Plead Guilty to Participation in LockBit Ransomware Group",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 65051,
	"plain_text": "Two Foreign Nationals Plead Guilty to Participation in LockBit\r\nRansomware Group\r\nPublished: 2024-07-18 · Archived: 2026-04-05 20:06:21 UTC\r\nNEWARK, N.J. – Two foreign nationals pleaded guilty today in Newark federal court to participating in the\r\nLockBit ransomware group – at various times the most prolific ransomware variant in the world – and to\r\ndeploying LockBit attacks against victims in the United States and worldwide.\r\nAccording to court documents:\r\nRuslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 21, a Russian national of Chechen\r\nRepublic, Russia, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario, were\r\nmembers of LockBit. The LockBit ransomware variant first appeared in January 2020. Between that time and\r\nFebruary 2024, LockBit grew into what was at times the most active and destructive ransomware group in the\r\nworld. The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including\r\n1,800 in the United States. Those victims ranged from individuals and small businesses to multinational\r\ncorporations, and they included hospitals, schools, nonprofit organizations, critical infrastructure, and government\r\nand law-enforcement agencies. LockBit’s members extracted at least approximately $500 million in ransom\r\npayments from their victims and caused billions of dollars in broader losses, including costs like lost revenue and\r\nincident response and recovery.\r\nLockBit’s “affiliate” members, including Vasiliev and Astamirov, would first identify and unlawfully access\r\nvulnerable computer systems. They would then deploy LockBit ransomware on victim computer systems and both\r\nsteal and encrypt stored data. After a successful LockBit attack, LockBit’s affiliate members would then demand a\r\nransom from their victims in exchange for decrypting the victims’ data and deleting stolen data. 
When victims did\r\nnot pay the demanded ransoms, LockBit’s affiliates would then leave the victim’s data permanently encrypted and\r\npublish the stolen data, including highly sensitive information, on a publicly accessible Internet site under\r\nLockBit’s control.\r\n“Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc\r\nand pocketing massive ransom payments from their victims, without consequence. They were wrong.\r\nWe, in New Jersey, along with our domestic and international law enforcement partners will do\r\neverything in our power to hold LockBit’s members and other cybercriminals accountable, disrupt and\r\ndismantle their operations, and put a spotlight on them as wanted criminals – no matter where they hide.”\r\nU.S. Attorney Philip R. Sellinger\r\n“Today’s convictions reflect the latest returns on the Department’s investment in disrupting ransomware threats,\r\nprioritizing victims, and holding cybercriminals accountable,” said Deputy Attorney General Lisa Monaco. “In\r\nexecuting our all-tools cyber enforcement strategy, we’ve dealt significant blows to destructive ransomware\r\ngroups like LockBit, as we did earlier this year, seizing control of LockBit infrastructure and distributing\r\nhttps://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group\r\nPage 1 of 6\n\ndecryption keys to their victims. Today’s actions serve as a warning to ransomware actors who would attack\r\nAmericans: we will find you and hold you accountable.”  \r\n“The defendants committed ransomware attacks against victims in the United States and around the world through\r\nLockBit, which was one of the most destructive ransomware groups in the world,” said Principal Deputy Assistant\r\nAttorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. 
“But thanks to the\r\nwork of the Computer Crime and Intellectual Property Section, along with its domestic and international partners,\r\nLockBit no longer claims that title. Today’s convictions represent another important milestone in the Criminal\r\nDivision’s ongoing effort to disrupt and dismantle ransomware groups, protect victims, and bring cybercriminals\r\nto justice.”\r\n“It's a common misconception that cyber hackers won't get caught by law enforcement because they're smarter\r\nand savvier than we are,” FBI – Newark Special Agent in Charge James E. Dennehy said. “Two members of the\r\nLockBit affiliate pleading guilty to their crimes in U.S. federal court illustrate we can stop them and bring them to\r\njustice. These malicious actors believe they can operate with impunity – and don’t fear getting caught because\r\nthey sit in a country where they feel safe and protected. FBI Newark and our law enforcement partners around the\r\nglobe have the technology and intelligence to go after these criminals – regardless of where they hide.”\r\nBetween 2020 and 2023, Astamirov deployed LockBit against at least 12 victims, including businesses in Virginia,\r\nJapan, France, Scotland, and Kenya. Operating under the online aliases “BETTERPAY,” “offtitan,” and\r\n“Eastfarmer,” he derived at least $1.9 million in ransom payments from those victims. As part of his plea\r\nagreement, Astamirov agreed to forfeit, among other assets, $350,000 in seized cryptocurrency that he extorted\r\nfrom one of his LockBit victims. Astamirov was first charged and arrested in this matter in June 2023.\r\nBetween 2021 and 2023, Vasiliev, operating under the online aliases “Ghostrider,” “Free,” “Digitalocean90,”\r\n“Digitalocean99,” “Digitalwaters99,” and “Newwave110,” deployed LockBit against at least 12 victims, including\r\nbusinesses in New Jersey, Michigan, the United Kingdom, and Switzerland. 
He also deployed LockBit against an\r\neducational facility in England and a school in Switzerland. Through these attacks, Vasiliev caused at least\r\n$500,000 in damage and losses to his victims. Vasiliev was first charged in this matter and arrested in Canada by\r\nCanadian authorities in November 2022, and extradited to the United States in June.\r\nAstamirov pleaded guilty to a two-count information charging him with conspiracy to commit computer fraud and\r\nabuse and conspiracy to commit wire fraud. He faces a maximum penalty of 25 years in prison. Vasiliev pleaded\r\nguilty to a four-count information charging him with conspiracy to commit computer fraud and abuse, intentional\r\ndamage to a protected computer, transmission of a threat in relation to damaging a protected computer, and\r\nconspiracy to commit wire fraud. He faces a maximum penalty of 45 years in prison. A sentencing date has not yet\r\nbeen set. A federal district court judge will determine any sentence after considering the U.S. Sentencing\r\nGuidelines and other statutory factors.\r\nThe LockBit Investigation\r\nToday’s guilty pleas follow a recent disruption of LockBit ransomware in February by the U.K. National Crime\r\nAgency’s (NCA) Cyber Division, which worked in cooperation with the Justice Department, FBI, and other\r\ninternational law enforcement partners. As previously announced by the Department, authorities disrupted\r\nLockBit by seizing numerous public-facing websites used by LockBit to connect to the organization’s\r\ninfrastructure and by seizing control of servers used by LockBit administrators, thereby disrupting the ability of\r\nLockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data. 
This\r\ndisruption succeeded in greatly diminishing LockBit’s reputation and its ability to attack further victims, as\r\nalleged by documents filed in this case.\r\nToday’s guilty pleas also follow charges brought in the District of New Jersey against other LockBit members,\r\nincluding its alleged creator, developer, and administrator, Dmitry Yuryevich Khoroshev. An indictment against\r\nKhoroshev unsealed in May alleges that Khoroshev began developing LockBit as early as September 2019 and\r\ncontinued acting as the group’s administrator through 2024, a role in which Khoroshev recruited new affiliate\r\nmembers, spoke for the group publicly under the alias “LockBitSupp,” and developed and maintained the\r\ninfrastructure used by affiliates to deploy LockBit attacks. Khoroshev also took 20 percent of each ransom paid by\r\nLockBit victims, allowing him to personally derive at least $100 million over that period. Khoroshev is currently\r\nthe subject of a reward of up to $10 million through the U.S. Department of State’s Transnational Organized\r\nCrime (TOC) Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov.\r\nBoth defendants are scheduled to be sentenced on Jan. 8, 2025.\r\nA total of six LockBit members, including Khoroshev, the alleged developer, and Astamirov and Vasiliev, both\r\naffiliates, have now been charged in the District of New Jersey. 
Other LockBit charges include:\r\nIn February, in parallel with the disruption operation, an indictment was unsealed in the District of New\r\nJersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with\r\ndeploying LockBit against numerous victims throughout the United States, including businesses\r\nnationwide in the manufacturing and other industries, as well as victims around the world in the\r\nsemiconductor and other industries.\r\nIn May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey charging\r\nMikhail Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, with using different\r\nransomware variants, including LockBit, to attack numerous victims throughout the United States,\r\nincluding the Washington, D.C., Metropolitan Police Department. Matveev is currently the subject of a\r\nreward of up to $10 million through the U.S. Department of State’s TOC Rewards Program, with\r\ninformation accepted through the FBI tip website at www.tips.fbi.gov/.\r\nThe U.S. 
Department of State’s TOC Rewards Program is offering rewards of:\r\nUp to $10 million for information leading to the arrest and/or conviction in any country of Khoroshev;\r\nUp to $10 million for information leading to the arrest and/or conviction of Matveev;\r\nUp to $10 million for information leading to the identification and location of any individuals who hold a\r\nkey leadership position in LockBit; and\r\nUp to $5 million for information leading to the arrest and/or conviction in any country of any individual\r\nparticipating or attempting to participate in LockBit.\r\nInformation is accepted through the FBI tip website at www.tips.fbi.gov/.\r\nKhoroshev, Matveev, Sungatov, and Kondratyev have also been designated for sanctions by the Department of the\r\nTreasury’s Office of Foreign Assets Control for their roles in launching cyberattacks.\r\nVictim Assistance\r\nLockBit victims are encouraged to contact the FBI and submit information at https://lockbitvictims.ic3.gov/.\r\nAs announced by the Department in February, law enforcement, through its disruption efforts, has developed\r\ndecryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using\r\nthe LockBit ransomware variant. Submitting information at the IC3 site will enable law enforcement to determine\r\nwhether affected systems can be successfully decrypted.\r\nLockBit victims are also encouraged to visit https://www.justice.gov/usao-nj/lockbit for case updates and\r\ninformation regarding their rights under U.S. law, including the right to submit victim impact statements and\r\nrequest restitution, in the litigation against Astamirov and Vasiliev.\r\nThe FBI Newark Field Office, under the supervision of Special Agent in Charge James E. Dennehy, is\r\ninvestigating the LockBit ransomware variant. 
The FBI Atlanta Field Office, under the supervision of Special\r\nAgent in Charge Keri Farley; U.S. Attorney’s Office for the Northern District of Georgia; Ontario Provincial\r\nPolice in Ontario, Canada; and Crown Attorney’s Office in Toronto, Canada, provided significant assistance in the\r\nVasiliev matter. The United Kingdom’s NCA; France’s Gendarmerie Nationale Cyberspace Command;\r\nGermany’s Landeskriminalamt Schleswig-Holstein and the Bundeskriminalamt; Switzerland’s Federal Office of\r\nPolice, Public Prosecutor’s Office of the Canton of Zurich, and Zurich Cantonal Police; Japan’s National Policy\r\nAgency; Australian Federal Police; Sweden’s Polismyndighetens; Royal Canadian Mounted Police; Politie Dienst\r\nRegionale Recherche Oost-Brabant of the Netherlands; Finland’s Poliisi; Europol; and Eurojust have provided\r\nsignificant assistance and coordination in both matters and in the LockBit investigation generally.\r\nAssistant U.S. Attorneys Andrew M. Trombly, David E. Malagold, and Vinay Limbachia for the District of New\r\nJersey and Trial Attorneys Jessica C. Peck, Debra Ireland, and Jorge Gonzalez of the Criminal Division’s\r\nComputer Crime and Intellectual Property Section (CCIPS) are prosecuting the charges against Astamirov and\r\nVasiliev.\r\nThe Justice Department’s Cybercrime Liaison Prosecutor to Eurojust, Office of International Affairs, and National\r\nSecurity Division also provided significant assistance.\r\nAdditional details on protecting networks against LockBit ransomware are available at StopRansomware.gov.\r\nThese include Cybersecurity and Infrastructure Security Agency Advisories AA23-325A, AA23-165A, and\r\nAA23-075A. 
\r\nSource: https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group"
	],
	"report_names": [
		"two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group"
	],
	"threat_actors": [],
	"ts_created_at": 1775434051,
	"ts_updated_at": 1775791253,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5aaced2752d4a8a4837590c2c52ba0e36dc2ad40.pdf",
		"text": "https://archive.orkl.eu/5aaced2752d4a8a4837590c2c52ba0e36dc2ad40.txt",
		"img": "https://archive.orkl.eu/5aaced2752d4a8a4837590c2c52ba0e36dc2ad40.jpg"
	}
}