KEY SUMMARY POINTS
- Arrest of Rostislav Panev: Dual Russian-Israeli national Rostislav Panev, a key developer for the LockBit ransomware group, was arrested in Israel in August and awaits extradition to the U.S.
- Role in LockBit Operations: Panev allegedly developed and maintained malware infrastructure for LockBit, enabling affiliates to launch ransomware attacks globally since 2019.
- Evidence Seized: Authorities discovered administrator credentials for LockBit’s dark web tools, malware source codes, and control panel access during Panev’s arrest.
- Admissions and Payments: Panev admitted to disabling antivirus software, deploying malware, and printing ransom notes, earning over $230,000 in cryptocurrency for his work.
- Impact of LockBit: LockBit ransomware has targeted over 1,800 U.S. victims and thousands more worldwide, causing billions in damages and collecting over $500 million in ransom payments.
The U.S. Department of Justice (DoJ) has announced the arrest of Rostislav Panev, a dual Russian and Israeli national accused of being a key developer for the LockBit ransomware operation.
The 51-year-old was apprehended in Israel back in August and is now awaiting extradition to the United States to face charges including computer fraud, wire fraud, and extortion for his role in developing and maintaining LockBit ransomware infrastructure from 2019 to 2024.
LockBit, once dubbed the “most destructive ransomware group in the world,” has created major problems for thousands of victims across more than 120 countries, including over 1,800 in the U.S. alone. From hospitals and schools to critical infrastructure and multinational corporations, no sector has been safe from their attacks.
The group’s malicious activities have reportedly netted them at least $500 million in ransom payments while causing billions more in damages through lost revenue and recovery costs.
Who is Rostislav Panev?
According to the DoJ’s press release, Panev allegedly played a critical role in the development and maintenance of LockBit’s malware infrastructure. From the group’s emergence in 2019 until at least February 2024, Panev worked as a developer, creating tools that enabled LockBit affiliates to carry out attacks and extort victims.
During his arrest, authorities seized Panev’s computer, uncovering evidence that linked him directly to the group’s operations. This included administrator credentials for a dark web repository containing source code for multiple versions of the LockBit builder, a tool used to generate custom malware for specific victims. Investigators also found access credentials for the LockBit control panel, a dark web dashboard used by developers and affiliates to coordinate attacks.
According to the DoJ’s superseding criminal complaint, in interviews with Israeli authorities following his arrest, Panev admitted to writing code that disabled antivirus software, deployed malware across victim networks, and printed ransom notes on connected printers. He also confessed to receiving regular cryptocurrency payments for his work, summing over $230,000 between June 2022 and February 2024.
Takedown of LockBit
Panev’s arrest is the latest in a series of actions against the LockBit group. Earlier this year, the UK’s National Crime Agency (NCA) led a coordinated international effort to disrupt LockBit’s operations, seizing key servers and websites used by the group. This move significantly crippled LockBit’s ability to launch new attacks and extort victims.
The DoJ has also charged seven other individuals associated with LockBit, including Dmitry Yuryevich Khoroshev, the group’s alleged primary administrator. Khoroshev, who remains at large, is believed to have played a central role in recruiting affiliates and overseeing LockBit’s operations.
Two other LockBit affiliates, Mikhail Vasiliev and Ruslan Astamirov, have already pleaded guilty to their involvement in the group and are awaiting sentencing. Meanwhile, other key figures like Artur Sungatov and Ivan Kondratyev remain fugitives, with rewards of up to $10 million offered for information leading to their arrest.
In November 2024, Russian authorities arrested Mikhail Pavlovich Matveev, also known as Wazawaka and Boriselcin, a member of the Lockbit group. Matveev is also wanted by the FBI for his involvement in the Hive and Babuk ransomware operations.
Nevertheless, the fight against ransomware takes a major step forward with Panev’s extradition and prosecution, marking an important milestone in holding cybercriminals accountable. The message is simple: in our connected world, cybercrime doesn’t pay.
RELATED TOPICS
- Ukraine Arrests Cryptor Specialist Aiding Conti and LockBit
- Rabbi Arrested for Hacking CCTV at Lady’s Swimwear Shop
- FBI Kills Kelihos Botnet Amid Russian Hacker’s Arrest in Spain
- Israeli arrested for hacking Madonna’s PC, selling songs online
- Husband, wife among ransomware operators arrested in Ukraine
