A dual Russian-Israeli national, identified as a key developer for the notorious LockBit ransomware group, has been extradited to the United States from Israel. Rostislav Panev, aged 51, was apprehended in 2023 and made his initial court appearance in the US on March 14.

Details of the Allegations

The complaint reveals that Panev was involved with the LockBit ransomware group from 2019 until at least February 2024. This group has been responsible for over 2,500 attacks across 120 countries, with 1,800 incidents occurring in the US alone. Their targets included a wide range of entities, from individuals and small businesses to large multinational corporations, including nonprofits, educational institutions, hospitals, and critical infrastructure.

Financial Impact and Arrest Findings

LockBit's operations have reportedly resulted in at least $500 million in ransom payments, causing billions in financial losses. Upon Panev's arrest, authorities discovered his computer administrator credentials linked to a Dark Web repository containing various versions of the LockBit builder's source code. Additionally, they found the StealBit tool code, used by affiliates to exfiltrate stolen data.

Communication and Financial Transactions

Panev is alleged to have communicated with LockBit's main administrator, Dmitry Yuryevich Khoroshev, via a cybercriminal forum. Their discussions focused on the development of the LockBit builder and control panel. Court documents also reveal that Khoroshev transferred over $230,000 in cryptocurrency to Panev between June 2022 and February 2024.

Admissions and Rewards

During interviews with Israeli authorities, Panev admitted to providing coding and consulting services for LockBit, receiving regular cryptocurrency payments. The US Department of State's Transnational Organized Crime (TOC) Rewards Program is offering up to $10 million for information leading to the arrest or conviction of Khoroshev and other key LockBit members.

Learn more about zero-day vulnerabilities in our detailed Research section.

The link has been copied!