Pierluigi Paganini
March 14, 2025
The US Justice Department announced that one of the LockBit ransomware developer, Rostislav Panev (51), has been extradited to the United States.
The dual Russian-Israeli national was arrested in Israel in 2024 and faces charges related to his role in the ransomware operation
The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024. The leading ransomware group attacked over 2,500 victims worldwide, including 1,800 in the United States, extracted $500M in ransoms, and caused billions in damages.
The list of victims included individuals, small businesses, and multinational corporations. The ransomware gang and its affiliates targeted hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.
Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds.
“As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks.” reads the press release published by DoJ. “Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.
The complaint alleges Panev communicated with LockBit’s leader, Dmitry Khoroshev, about developing ransomware tools. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024.
After his August arrest, Panev admitted to having had a role in coding, developing, and consulting for the LockBit group. He developed the code to disable antivirus software, deploy malware, and print ransom notes to all printers connected to a victim network.
Between June 2022 and February 2024, the LockBit administrator sent over $230,000 in laundered cryptocurrency to Panev’s wallet, averaging $10,000 monthly.
“Rostislav Panev’s extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice,” said United States Attorney John Giordano. “Even as the means and methods of cybercriminals become more sophisticated, my Office and our FBI, Criminal Division, and international law enforcement partners are more committed than ever to prosecuting these criminals.”
“No one is safe from ransomware attacks, from individuals to institutions. Along with our international partners, the FBI continues to leave no stone unturned when it comes to following LockBit’s trail of destruction. We will continue to work tirelessly to prevent actors, such as Panev, from hacking their way to financial gain,” said Acting Special Agent in Charge of the FBI Newark Division Terence G. Reilly.
A $10 million reward was offered for information on Khoroshev through the U.S. State Department’s TOC Rewards Program via the FBI tip website.
Khoroshev and other three members of the gang (Matveev, Sungatov, and Kondratyev) were sanctioned by the U.S. Treasury’s OFAC for their involvement in cyberattacks.
Seven LockBit members have been charged in New Jersey. Panev and Khoroshev face charges; Vasiliev and Astamirov pleaded guilty and await sentencing. Sungatov, Kondratyev, and Matveev, also indicted, remain at large. Matveev has a $10M U.S. reward for information leading to his arrest.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
