US accuses suspected LockBit ransomware developer

The recent unsealing of charges by the US Department of Justice against Rostislav Panev, a 51-year-old Russian and Israeli national, has shed light on his alleged involvement as a developer for the notorious LockBit ransomware group. Panev, who was arrested in August 2024 and is currently in custody in Israel awaiting extradition, is accused of playing a crucial role in the operations of the LockBit group.

According to the US DoJ, Panev is believed to have been a key member of the LockBit ransomware-as-a-service organization, responsible for designing the LockBit malware code and managing the infrastructure on which the group operated. The charges against him also include allegations of conspiracy to commit fraud and wire fraud, intentional damage to a protected computer, and extortion.

The criminal complaint revealed that Israeli authorities discovered incriminating evidence on Panev’s computer, such as administrator credentials for a dark web online repository containing source code for multiple versions of the LockBit builder and the StealBit data exfiltration tool. Access credentials for the LockBit control panel, used by LockBit affiliates, were also found in his possession.

Furthermore, Panev was alleged to have been in communication with Dimitry Yuryevich Khoroshev, also known as LockBitSupp, the primary administrator of LockBit, discussing tasks related to the development of the LockBit builder and control panel. In interviews with Israeli authorities following his arrest, Panev reportedly confessed to his involvement in coding, development, and consulting work for the LockBit group, for which he received regular payments in cryptocurrency.

The impact of the LockBit group’s activities on its victims has been significant, with over 2,500 individuals and organizations falling prey to its ransomware attacks globally, including 1,800 victims in the US. One of the victims, a major financial institution based in China with operations in the US, ended up paying a ransom of nearly $449,075. Another victim, a multinational aeronautical and defense corporation headquartered in Virginia, which refused to pay the ransom, is suspected to be Boeing.

Overall, the DoJ estimates that LockBit’s members extorted at least $500 million in ransom payments from victims and caused billions of dollars in losses due to lost revenue and expenses related to incident response and recovery. The operations of the LockBit group were disrupted in February 2024 by an international law enforcement task force, leading to the arrest, charges, and sentencing of several suspected affiliates.

As the legal proceedings against Panev unfold, the case provides a glimpse into the intricate web of cybercriminal activities orchestrated by ransomware groups like LockBit and underscores the ongoing efforts of law enforcement authorities to tackle such threats effectively.
