U.S. Seeks Extradition of Alleged LockBit Ransomware Developer
The U.S. Department of Justice (DoJ) has charged 51-year-old dual Russian-Israeli national, Rostislav Panev, for his alleged role as a developer in the notorious LockBit ransomware group. Panev was arrested in Israel in August 2024 and is currently awaiting extradition to the United States.
Allegations Against Panev
According to the DoJ, Panev served as a developer for LockBit from its inception around 2019 until at least February 2024. During this period, LockBit emerged as one of the most active and destructive ransomware groups globally, executing over 2,500 attacks across 120 countries, including approximately 1,800 in the United States. Their targets ranged from small businesses to large multinational corporations, hospitals, schools, critical infrastructure, and government agencies.
Panev is accused of designing the LockBit malware code and maintaining the infrastructure that facilitated its operations. Evidence obtained during his arrest includes administrator credentials for an online repository containing multiple versions of the LockBit builder—a tool enabling affiliates to create custom builds of the ransomware. Additionally, source code for LockBit’s StealBit tool, used for data exfiltration, and access credentials for the LockBit control panel were discovered.
Financial Transactions and Admissions
Investigators allege that between June 2022 and February 2024, Panev received cryptocurrency payments totaling over $230,000, with monthly transfers of approximately $10,000, as compensation for his services. In interviews with Israeli police, Panev reportedly admitted to writing and maintaining LockBit’s malware code and providing technical guidance to the group. He claimed initial unawareness of the illegal activities associated with his work.
LockBit's Impact and Ongoing Efforts
LockBit operates on a ransomware-as-a-service (RaaS) model, with a core group of developers collaborating with affiliates who execute attacks and extort ransom payments. The group has extracted at least $500 million in ransom payments from victims, causing billions of dollars in damages, including lost revenue and recovery costs.
Panev's arrest follows the apprehensions of other alleged LockBit members, including Mikhail Vasiliev and Ruslan Magomedovich Astamirov, both of whom have pleaded guilty to various charges. Authorities continue to pursue the group's alleged ringleader, Dmitry Khoroshev, offering up to $10 million for information leading to his capture.
Conclusion
The charges against Panev underscore the U.S. government's commitment to dismantling ransomware groups and bringing their members to justice. As Deputy Attorney General Lisa Monaco stated, "We started this year with a coordinated international disruption of LockBit—the most damaging ransomware group in the world. Fast forward to today and three LockBit actors are in custody thanks to the diligence of our investigators and our strong partnerships around the world."