Rostislav Panev, an alleged software architect of the infamous LockBit ransomware group, is set to be extradited to the United States to face charges of extorting at least $500 million from global victims, including U.S. businesses and hospitals, according to the Department of Justice (DOJ).
Panev, who holds dual Russian-Israeli citizenship, is the third of seven identified members of the LockBit criminal network to be apprehended and held in custody. The group is accused of executing cyberattacks on over 2,500 victims across 120 countries, employing ransomware to extort payments by threatening to sabotage their computer systems.
Operating for approximately four years, LockBit targeted vulnerable institutions such as hospitals, schools, and critical infrastructure, holding sensitive data and systems hostage until ransoms were paid. The DOJ's recently unsealed superseding complaint, filed in U.S. District Court for the District of New Jersey, revealed that LockBit had ransomed approximately 1,800 U.S. victims, including law enforcement agencies.
Deputy Attorney General Lisa Monaco stated in a press release that international cooperation played a pivotal role in dismantling what she called “the most damaging ransomware group in the world.” Authorities from Israel, France, the U.K., and other European nations collaborated with the DOJ to disrupt the LockBit enterprise. In February, the U.K. National Crime Agency Cyber Division successfully dismantled LockBit’s infrastructure by seizing its websites and servers, significantly hindering the group’s operations.
Earlier this year, two LockBit associates, Mikhail Vasiliev and Ruslan Astamirov, pleaded guilty in federal court in New Jersey to charges related to LockBit attacks. Both individuals remain in custody awaiting sentencing. Panev, who was arrested in Israel in August, will join them in the U.S. legal system. Meanwhile, four other known LockBit members remain at large.
The complaint against Panev alleges that he played a central role in developing and deploying LockBit malware since its inception in 2019. LockBit remained active through February 2024, reportedly causing billions of dollars in damages by infiltrating computer systems and disrupting operations worldwide.
Israeli authorities claim that Panev admitted to creating the LockBit code, providing ongoing technical support to the group, and receiving payments for his involvement. DOJ documents revealed that Panev received $230,000 in cryptocurrency payments from LockBit’s chief administrator, Dimitry Yuryevich Khoroshev, between June 2022 and February 2024.
Further evidence against Panev includes administrator credentials found on his computer, which allowed access to LockBit’s repository on the dark web. This repository contained multiple versions of the LockBit malware, which members of the enterprise could customize to target specific systems. Additionally, law enforcement discovered the “StealBit” tool used to access and exfiltrate victims' data.
The DOJ has also indicted four other known members of the LockBit network who remain at large. Among them are Khoroshev; Mikhail Matveev, who allegedly orchestrated a LockBit attack on the Washington, D.C., Metropolitan Police Department; and Artur Sungatov and Ivan Kondratyev, both of whom specialized in targeting U.S. manufacturing firms.
The U.S. Department of State’s Transnational Organized Crime program is offering a $10 million reward for information leading to the capture of Khoroshev and Matveev.
By fLEXI tEAM