LockBit Ransomware Developer Rostislav Panev Extradited from Israel to the US
The United States Justice Department announced today that Rostislav Panev, one of the masterminds behind the LockBit ransomware operation, has been extradited to the United States. Panev, a 51-year-old dual Russian-Israeli national, was arrested in Israel in August 2024 and is now facing charges related to his involvement in the ransomware group.
The LockBit ransomware gang was responsible for attacking over 2,500 victims worldwide, including 1,800 in the United States, and extracted a staggering $500 million in ransoms. The gang's actions caused billions of dollars in damages and targeted institutions, individuals, and businesses alike, including hospitals, schools, nonprofit organizations, critical infrastructure, and government agencies.
Panev was tasked with creating and maintaining the malware and infrastructure for LockBit, while affiliates executed attacks and extorted ransoms. Law enforcement discovered on his computer administrator credentials an online repository that hosted source code for multiple versions of the LockBit builder, as well as access credentials for the LockBit control panel.
According to the DoJ press release, law enforcement also discovered source code for LockBit's StealBit tool, which helped affiliates exfiltrate data stolen through LockBit attacks. Panev received over $230,000 in laundered cryptocurrency from LockBit leader Dmitry Khoroshev between 2022 and 2024.
"As alleged in the superseding complaint, at the time of Panev's arrest in Israel in August, law enforcement discovered on Panev's computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit's affiliates to generate custom builds of the LockBit ransomware malware for particular victims," reads the press release.
Panev admitted to having had a role in coding, developing, and consulting for the LockBit group. He developed the code to disable antivirus software, deploy malware, and print ransom notes to all printers connected to a victim network.
A Message from the US Attorney and FBI
"Rostislav Panev's extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice," said United States Attorney John Giordano.
"Even as the means and methods of cybercriminals become more sophisticated, my Office and our FBI, Criminal Division, and international law enforcement partners are more committed than ever to prosecuting these criminals," added Giordano.
"No one is safe from ransomware attacks, from individuals to institutions. Along with our international partners, the FBI continues to leave no stone unturned when it comes to following LockBit's trail of destruction. We will continue to work tirelessly to prevent actors, such as Panev, from hacking their way to financial gain," said Acting Special Agent in Charge of the FBI Newark Division Terence G. Reilly.
A Reward for Information on Dmitry Khoroshev
A $10 million reward was offered for information on Khoroshev through the U.S. State Department's TOC Rewards Program via the FBI tip website. Khoroshev and other three members of the gang (Matveev, Sungatov, and Kondratyev) were sanctioned by the U.S. Treasury's OFAC for their involvement in cyberattacks.
The Current Status of the LockBit Ransomware Gang
Seven LockBit members have been charged in New Jersey. Panev and Khoroshev face charges; Vasiliev and Astamirov pleaded guilty and await sentencing. Sungatov, Kondratyev, and Matveev, also indicted, remain at large.
Matveev has a $10M U.S. reward for information leading to his arrest. The case is a testament to the FBI's commitment to investigating and prosecuting cybercrime, and we will continue to work tirelessly to bring these perpetrators to justice," said Reilly.