The US Department of Justice (DoJ) has announced charges against a Russian citizen in connection with the deployment of LockBit ransomware to targets in the US, Asia, Europe and Africa.

According to TheHackerNews , Ruslan Magomedovich Astamirov (20 years old) is accused of carrying out at least 5 attacks between August 2020 and March 2023.

The DoJ said Astamirov allegedly participated with other members of the LockBit ransomware campaign to commit fraud and intentionally corrupt protected computers and issue ransom demands through the use and deployment of ransomware.

The hacker managed multiple email addresses, IP addresses, and other online accounts to deploy ransomware and communicate with victims as part of LockBit-related operations. US law enforcement said it was able to trace a portion of an unnamed victim’s ransom payment to a cryptocurrency wallet controlled by Astamirov.

If convicted, Astamirov faces a maximum penalty of 20 years in prison on the first count and five years on the second. He is the third person to be indicted in the United States in connection with LockBit, following Mikhail Vasiliev, who is awaiting extradition to the United States, and Mikhail Pavlovich Matveev, who was indicted in absentia last month for his involvement in the LockBit, Babuk, and Hive ransomware.

In a recent interview with The Record , Matveev said he was not surprised by the FBI’s decision to put him on the most wanted list online. He said he expected the news about him to be forgotten soon. Matveev also acknowledged his role as a Hive affiliate and expressed his desire to take Russian IT to the next level.

The DoJ's announcement comes a day after cybersecurity agencies from Australia, Canada, France, Germany, New Zealand, the UK and the US issued a joint warning about the LockBit ransomware.

This is a ransomware-as-a-service (RaaS) model, where the core group recruits affiliates to carry out attacks on corporate networks on their behalf in exchange for a portion of the ill-gotten gains. The affiliates typically encrypt victim data and then threaten to post the stolen data on leak websites to pressure the targets into paying the ransom.

LockBit estimates it has carried out nearly 1,700 attacks since it emerged in late 2019, although the exact number is believed to be higher as data leak websites typically only reveal the names and leaked data of victims who refuse to pay the ransom.