A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges.
Rostislav Panev, 51, was arrested in Israel last August, where police reportedly found incriminating evidence on his laptop. This included credentials for LockBit’s internal control panel and a repository containing source code for LockBit encryptors and the gang’s custom data theft tool, StealBit.
In December, the U.S. Department of Justice charged Panev, accusing him of developing LockBit’s ransomware encryptors and StealBit.
Over 18 months, between June 2022 and February 2024, Panev allegedly earned $230,000 in cryptocurrency for his work with the group.
Panev has been involved with LockBit ransomware since its inception in 2019, helping operators and affiliates attack over 2,500 entities across 120 countries and extracting ransom payments of over $500,000,000.
Approximately 1,800 victims (72%) were U.S.-based entities, including hospitals, schools, corporations, and government agencies.
“Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024,” reads the U.S. DoJ announcement.
“During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world.”
Panev remained an active member of LockBit ransomware’s core team until February 2024, when an international law enforcement operation led by the UK’s National Crime Agency (NCA) and the FBI severely disrupted the cybercrime organization.
Dismantling LockBit
Panev’s arrest, indictment, and now extradition follow indictments against other LockBit members, including its leader Dmitry Yuryevich Khoroshev (“LockBitSupp”), who is currently wanted with a $10M reward.
Other prominent LockBit members who have been charged in the U.S. include Mikhail Vasiliev (awaiting sentencing), Ruslan Astamirov (awaiting sentencing), Artur Sungatov (wanted), Ivan Kondratyev (wanted), and Mikhail Matveev (wanted).
All of these people are suspected of being LockBit affiliates or operators. At the same time, Matveev has also had a role in multiple other ransomware variants apart from LockBit and has a $10M bounty reward for tips leading to his arrest.
The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program offers $10 million for information leading to the identification and location of other core team members of LockBit, while $5 million is given for tips on affiliates.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.