Law enforcement agencies cracking down on cyber criminals

Ellie Ludlam of Pinsent Masons was commenting after the DoJ announced that it had arrested and charged a Russian national, 20-year-old Ruslan Magomedovich Astamirov, in connection with ransomware attacks.

The DoJ said Astamirov has been charged with “conspiring to commit wire fraud and conspiring to intentionally damage protected computers and to transmit ransom demands”. It alleged Astamirov directly executed at least five ‘LockBit’ ransomware attacks. Astamirov faces potentially years in prison and a substantial fine if he is convicted.

LockBit is the name of both a piece of malicious software and a group said to be behind criminal attacks on computer systems around the world. The DoJ estimates that LockBit actors have been behind more than 1,400 cyber attacks globally and received tens of millions of dollars-worth of bitcoin in ransom payments. Royal Mail and Pendragon are two UK-based organisations said to have been impacted by LockBit ransomware incidents.

Astamirov is the third person the DoJ has brought LockBit-related charges against in recent months. Dual Russian and Canadian national, Mikhail Vasiliev, is in Canada awaiting extradition to the US having been charged in November 2022. Last month, the DoJ also brought charges against Mikhail Pavlovich Matveev.

Ludlam said she had seen an increase in proactive UK law enforcement engagement in respect of cyber crime in recent months too. She said this reflects the content of the UK’s national cyber security strategy, in which the government said the UK’s approach to countering cyber threats would “shift to a more integrated and sustained campaign footing that will involve making routine, integrated and creative use of the full range of levers and capabilities available to impose costs on our adversaries, pursue and disrupt perpetrators and deter future attacks”.

In the strategy document, the Cabinet Office said: “We will build the intelligence, operational and technical capabilities of the UK’s law enforcement cyber network. We will invest in the NCA’s cyber intelligence capability, used to target organised crime groups, the regional intelligence build initiative, which will enhance intelligence access and movement across the UK, and the skills and capability that law enforcement need to investigate and disrupt cyber and digital crimes.”

Ludlam said increased law enforcement engagement is a topic which comes up often in conversations between businesses and cyber risk insurers.

“We have seen a marked shift in the level of proactive engagement from UK law enforcement across the last 12 to 18 months, from the police informing organisations that they have experienced a data breach where their own systems may have missed the signs, to notifying businesses that their data has been leaked on the dark web many months after a cyber incident,” Ludlam said.

“The new approach has changed the narrative around law enforcement engagement from being one where impacted organisations simply fed information about the incident to law enforcement to one where they very much work hand in hand. It has made a positive difference to the breach response process and to the outcome for organisations,” she said.