Russian national Ruslan Magomedovich Astamirov has been arrested in Arizona and charged by the US Department of Justice for allegedly deploying LockBit ransomware on victim networks in the US and abroad.

According to criminal complaintthe 20-year-old suspect from the Chechen Republic was allegedly involved in LockBit ransomware attacks between August 2020 and March 2023.

“Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and intentionally damage protected computers and demand ransom through the use and deployment of ransomware,” the US DOJ said. said.

“Specifically, Astamirov directly executed at least five attacks against victims’ computer systems in the United States and abroad.”

Astamirov was charged with conspiracy to transmit ransom demands, commit electronic fraud and intentionally damage protected computers.

If found guilty, he could face up to 20 years in prison for the wire fraud charge and up to five years in prison for the charge related to damaging protected computers.

The charges also carry the possibility of fines of up to $250,000 or double the financial gain or loss resulting from the violation, whichever is greater.

Third LockBit subsidiary charged in the US since November

Astamirov is the third LockBit affiliate charged by the US Department of Justice in the past seven months.

In November 2022, the DOJ disclosed criminal charges against Mikhail Vasilievcurrently detained in Canada and awaiting extradition to the United States.

In May 2023, Mikhail Pavlovich Matveev (also known as Wazawaka, m1x, Boriselcin and Uhodiransomwar) was also charged for his alleged involvement in deploying LockBit, Babuk and Hive ransomware in attacks targeting organizations inside and outside the United States.

“Astamirov is the third defendant indicted by this office in the global LockBit ransomware campaign, and the second defendant to be apprehended,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey.

“The LockBit conspirators and all other ransomware authors cannot hide behind imaginary online anonymity. We will continue to work tirelessly with all of our law enforcement partners to identify ransomware authors and bring to justice.”

LockBit ransomware emerged as a ransomware-as-a-service (RaaS) operation in September 2019 and has claimed several high-profile casualties around the world in recent months, including the Continental Automotive GiantTHE UK Royal MailTHE Italian Internal Revenue Serviceand the City of Oakland.

U.S. and international cybersecurity authorities also revealed in a joint advisory released Wednesday that this ransomware gang extorted approximately $91 million US organizations that have been victims of approximately 1,700 attacks since 2020.