3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Ruslan Magomedovich Astamirov

Ruslan Magomedovich Astamirov

ID: aad37479939009df854f98b43851ffae
Cybercrime Cybercriminal
Threat types: Ransomware, RaaS
Russia
Updated: 2026-03-05
Created: 2026-03-04
Progress: 69% Completeness: 69% Freshness: 70%
Operation zone:
Aliases Limited alias preview
ASTAMIROV BETTERPAY Ea******** Of******
Ru************** Ру**************************
Showing 2 of 6 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: high
Actor Techniques page ATT&CK® Diagram

Ruslan Magomedovich Astamirov is publicly documented as a LockBit ransomware affiliate who deployed LockBit against at least 12 victims across multiple countries (2020–2023), operating under aliases BETTERPAY, offtitan, and Eastfarmer. Official reporting ties his activity to double extortion (steal + encrypt + publish) and to ransom-derived proceeds and forfeiture.


Technique Technique name Tactics Evidence
T1078 Valid Accounts TA0001 TA0003 TA0004 TA0005
  • 2024-07-18 — Affiliate model described: members unlawfully accessed victim systems prior to deployment (exact access method not fully enumerated in curated summary). · ref
T1190 Exploit Public-Facing Application TA0001
  • 2024-07-18 — INFERENCE (confidence: medium): affiliate members are described as identifying and accessing vulnerable computer systems; exploitation of public-facing applications is a plausible access pattern but not explicitly detailed for this individual in the summary. · ref
T1486 Data Encrypted for Impact TA0040
  • 2024-07-18 — Deployment of LockBit ransomware and encryption of victim data is explicitly described as part of affiliate operations. · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2024-07-18 — Publication of stolen victim data on a publicly accessible site under LockBit control is described as the consequence when ransoms are not paid (double extortion). · ref
T1041 Exfiltration Over C2 Channel TA0010
  • 2024-07-18 — Double extortion model implies data theft/exfiltration prior to publication; mechanism is campaign-dependent and not fully enumerated in the summary. · ref
T1654 Log Enumeration TA0007
  • 2023-06-15 — Ransom demands and victim communication are described as part of the conspiracy to transmit ransom demands and commit wire fraud. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-05T23:19:35+00:00

Ruslan Magomedovich Astamirov - LockBit affiliate (individual defendant; ransomware deployment + extortion)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for Decision Makers — Ruslan Magomedovich Astamirov (LockBit affiliate)

Classification: Unclassified / OSINT — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Ruslan Magomedovich Astamirov (LockBit affiliate behavior)

Scope: Affiliate-driven LockBit intrusion behaviors. Focus on mid-chain telemetry (lateral movement, exfil staging, encryption onset) because initial access vectors vary across campaigns.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-03-05T23:10:42+00:00

IOC Appendix — Ruslan Magomedovich Astamirov (LockBit affiliate)

Classification: Unclassified / OSINT — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-05T23:20:26+00:00

OSINT Library — Ruslan Magomedovich Astamirov (LockBit affiliate)


2023-06-15 — U.S. DOJ (OPA) — “Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks…”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/0
No social links registered for this profile.
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
No images found for this threat.