Rostislav Panev, the alleged developer of the LockBit ransomware group, has been extradited to the U.S. Panev is a 51-year-old dual Russian and Israeli national who was arrested in Israel in August on accounts of being the developer of the infamous LockBit ransomware from 2019 to at least February 2024 before the ransomware operation was seized and shut down by Operation Cronos. On Thursday, March 16, Panev had an initial appearance before the U.S. Magistrate and was detained pending trial.
United States Attorney John Giordano stated that Rostislav Panev’s extradition to the District of New Jersey makes it clear that if you are a member of the LockBit ransomware group, the United States will find you and bring you to justice. He also emphasized on how cybercriminals are using more sophisticated methods and how committed their office, the FBI, Criminal Division, and international law enforcement partners are towards prosecuting the cyber criminals.
The prosecutors said that Panev and others were responsible to grow LockBit into one of the most active and prolific ransomware group in the world. The gang attacked more than 2,500 victims in 120 countries, the majority of which were located in the U.S. The victims of LockBit were not limited to multinational corporations but also include individuals and small businesses, hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.
LockBit members profited from at least $500 million in extorted ransom from their victims, while the victims lost billions of dollars in the form of lost revenue and costs from incident response and recovery.
LockBit’s members consisted of developers and affiliates. While developers like Panev were responsible for tasks like designing the LockBit malware code and maintaining the infrastructure on which LockBit operated, the affiliates performed LockBit attacks and extorted ransom payments from the victims. The ransom was then split between the developers and affiliates.
During his questioning with the Israeli authorities after his arrest, Panev confessed to performing coding, development, and consulting work for the LockBit group. He also confirmed to have received regular payments in the form of cryptocurrency.
Panev also admitted to completing tasks such as developing code to disable antivirus software, deploying malware to multiple systems connected to a victim network, and printing the LockBit ransom note to all printers connected to the target network. Panev also revealed that he was responsible for writing and maintaining LockBit malware code and guiding the LockBit group technically.
Apart from Panev, the U.S. has charged six other LockBit members, including Mikhail Vasiliev, Ivan Gennadievich Kondratiev, Ruslan Astamirov, Artur Sungatov, Mikhail Pavlovich Matveev, and Dmitry Yuryevich Khoroshev (alias LockBitSupp, LockBit’s administrator).
In addition, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Khoroshev, Matveev, Sungatov, and Kondratyev for their roles in launching cyberattacks.
