A dual Russian and Israeli national, Rostislav Panev, has been extradited to the United States on charges related to his alleged involvement as a developer of the LockBit ransomware. Panev, 51 years old, was arrested in Israel back in August of 2024 following a provisional arrest request from the US. After appearing before a US magistrate, he is now being held in custody pending trial.
According to court documents filed by the Department of Justice (DoJ), Panev is accused of playing a significant role in developing the LockBit ransomware, starting from its inception in 2019 up until at least February 2024. During this time, Panev, along with his fellow LockBit coconspirators, reportedly transformed LockBit into one of the most active and destructive ransomware groups globally.
US authorities estimate that the Russia-based LockBit ransomware group, operating as a ransomware-as-a-service (RaaS) entity, targeted over 2500 victims in at least 120 countries, with 1800 of those victims located in the US. The targets of these attacks have not been limited to specific industries, encompassing critical services such as hospitals, schools, and government agencies.
The financial impact of LockBit’s activities has been staggering, with the group allegedly demanding and receiving over $500 million in ransom payments from victims. This, in addition to the significant financial losses incurred by affected organizations in terms of response and recovery costs, amounts to billions of dollars.
In February 2024, law enforcement authorities executed Operation Cronos, resulting in the dismantling of key LockBit infrastructure. While this operation substantially reduced the group’s operational capabilities, LockBit has adapted by releasing new versions of its ransomware to continue its illicit activities.
The charges brought against Panev are part of a larger effort by US authorities to hold members of the LockBit group accountable for their actions. Notably, Dmitry Yuryevich Khoroshev, regarded as the primary creator, developer, and administrator of LockBit, is also facing legal ramifications in the US. A reward of up to $10 million has been offered for information leading to Khoroshev’s arrest and/or conviction.
The case against Panev includes allegations that law enforcement uncovered administrator credentials on his computer, enabling the generation of customized versions of the LockBit ransomware. Additionally, source code for LockBit’s StealBit tool, used to exfiltrate data obtained through LockBit attacks, was found on an online repository hosted on the dark web.
Communication records between Panev and Khoroshev, as well as cryptocurrency transfers amounting to over $230,000 from Khoroshev to Panev, suggest a close working relationship between the two individuals. Panev has reportedly confessed to Israeli authorities about his involvement in coding, development, and consulting tasks for the LockBit group, receiving payments in cryptocurrency for his services.
Overall, the extradition of Panev to the US marks a significant development in the ongoing efforts to combat ransomware attacks and hold responsible those individuals involved in perpetrating such cybercrimes.