A key developer for the notorious LockBit ransomware operation has been extradited to the United States. Rostislav Panev, a 51-year-old dual Russian-Israeli national, faces charges related to his alleged role in the group’s activities.
Panev’s arrest in Israel last August led to the discovery of crucial evidence on his laptop. This included LockBit’s internal control panel credentials and a repository containing source code. The source code covered LockBit’s encryptors and the group’s data theft tool, StealBit.
In December, the U.S. Department of Justice formally charged Panev. The charges accuse him of developing LockBit’s ransomware encryptors and StealBit. Between June 2022 and February 2024, Panev allegedly earned $230,000 in cryptocurrency for his work.
Panev’s involvement with LockBit dates back to its inception in 2019. He allegedly helped operators and affiliates attack over 2,500 entities across 120 countries. The attacks resulted in ransom payments exceeding $500,000,000. Approximately 1,800 victims (72%) were U.S.-based, including hospitals, schools, corporations, and government agencies.
“Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024,”
States the U.S. DoJ announcement.
“During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world.”
Panev remained a core team member until February 2024. An international law enforcement operation, led by the UK’s National Crime Agency (NCA) and the FBI, significantly disrupted the LockBit organization around that time.
This disruption followed indictments against other LockBit members, including its leader, Dmitry Yuryevich Khoroshev (“LockBitSupp”), who remains wanted with a $10 million reward.
Other LockBit members charged in the U.S. include Mikhail Vasiliev (awaiting sentencing), Ruslan Astamirov (awaiting sentencing), Artur Sungatov (wanted), Ivan Kondratyev (wanted), and Mikhail Matveev (wanted).
These individuals are suspected of being affiliates or operators. Matveev is also linked to other ransomware variants and has a $10 million bounty. The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program offers rewards for information leading to the arrest of other LockBit members.
Helpful Reads: