LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020

A third perp has been fingered, but CISA warns that LockBit variants continue to be a major threat on a global scale.

The US Department of Justice has arrested and charged a Russian national, Ruslan Magomedovich Astamirov, for his role as an affiliate for the LockBit ransomware.
Specifically, Astamirov is accused of directly executing at least five attacks between August 2020 and last March, against victim computer systems in the United States and abroad.
Astamirov is the third defendant charged by this office in the LockBit global ransomware campaign, and the second defendant to be apprehended, US Attorney Philip R. Sellinger, District of New Jersey, said in a
DoJ statement
. The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity.
Astamirov is charged with conspiring to commit wire fraud and conspiring to intentionally damage protected computers and to transmit ransom demands. If convicted, he faces a maximum penalty of 25 years in prison, along with a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest. The latter number may be larger; CISA and other global cybersecurity authorities this week warned that affiliates using
LockBit ransomware
variants have collectively extorted around $91 million across 1,700 cyberattacks against US organizations since 2020.
Multiple criminal affiliates use LockBit ransomware, which functions as a ransomware-as-a-service (RaaS) model, so the different attacks vary in how they operate and in their tactics, techniques, and procedures (TTPs), making it
more difficult for organizations
to protect themselves. Even so, theyre finding it increasingly difficult to evade law enforcement scrutiny.
The latest DoJ announcement follows LockBit-related charges in two other cases from the District of New Jersey. In November, the department announced LockBit-related criminal charges against Mikhail Vasiliev, who is in custody in Canada awaiting extradition to the United States. In May, the department announced the indictment of Mikhail Pavlovich Matveev, for his alleged participation in separate conspiracies to deploy LockBit, Babuk, and Hive ransomware — he remains at large.
Meanwhile, LockBit attacks continue. The most recent LockBit ransomware activity was observed this year in New Zealand in February, Australia in April, and the United States on May 25.
CISA and
fellow authors in the advisory
recommended that organizations apply mitigations such as sandboxing browsers, installing Web application firewalls, requiring phishing-resistant multifactor authentication (MFA), and installing up-to-date antivirus software, to prevent against ransomware attacks.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
LockBit Affiliate Arrested, as Extortion Totals Reach $91M Since 2020