Pierluigi Paganini
December 22, 2024
Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S.
Panev was arrested in Israel in August and is awaiting extradition to the U.S. on criminal charges.
The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024. The leading ransomware group attacked over 2,500 victims worldwide, including 1,800 in the United States, extracted $500M in ransoms, and caused billions in damages.
The list of victims included individuals, small businesses, and multinational corporations. The ransomware gang and its affiliates targeted hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.
Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds.
“As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks.” reads the press release published by DoJ. “Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.
The complaint alleges Panev communicated with LockBit’s leader, Dmitry Khoroshev, about developing ransomware tools. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024.
After his August arrest, Panev admitted to having had a role in coding, developing, and consulting for the LockBit group. He developed the code to disable antivirus software, deploy malware, and print ransom notes to all printers connected to a victim network.
A $10 million reward was offered for information on Khoroshev through the U.S. State Department’s TOC Rewards Program via the FBI tip website.
Khoroshev and other three members of the gang (Matveev, Sungatov, and Kondratyev) were sanctioned by the U.S. Treasury’s OFAC for their involvement in cyberattacks.
Seven LockBit members have been charged in New Jersey. Panev and Khoroshev face charges; Vasiliev and Astamirov pleaded guilty and await sentencing. Sungatov, Kondratyev, and Matveev, also indicted, remain at large. Matveev has a $10M U.S. reward for information leading to his arrest.
“As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
