SecurityWeek

LockBit Ransomware Developer Arrested in Israel at Request of US

Dual Russian and Israeli national has been arrested in Israel and will be extradited to the US to face charges related to LockBit ransomware development.

The US Department of Justice has unsealed charges against a man with dual Russian and Israeli nationality accused of being involved in the development of the LockBit ransomware.

The suspect, 51-year-old Rostislav Panev, was arrested in Israel in August based on a request from the United States. Panev is currently in custody in Israel pending extradition to the US.

According to court documents, the man is accused of working as a LockBit ransomware developer from the group’s inception in 2019 until at least February 2024, when law enforcement announced it had dealt a major blow to the cybercrime operation after hacking its infrastructure.

Authorities say developers like Panev created the LockBit malware’s code and maintained the associated infrastructure. 

The evidence against the man includes credentials found on his computer at the time of his arrest, which provided access to a repository hosting LockBit source code, as well as credentials for the LockBit control panel.

Investigators also found that Panev exchanged private messages on a cybercrime forum with LockBitSupp, LockBit’s main administrator, who authorities say is Russian national Dmitry Yuryevich Khoroshev. Khoroshev was unmasked and charged by the US in May. 

Authorities discovered that Khoroshev made payments to a cryptocurrency wallet owned by Panev between June 2022 and February 2024. Panev received roughly $10,000 worth of cryptocurrency per month, for a total of $230,000.  

According to the DoJ, Panev admitted to Israeli authorities that he had been paid by the LockBit group for coding, development and consulting services. 

“Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network. Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group,” the DoJ said.

The US has, to date, charged seven individuals believed to have been involved in the LockBit operation. While some of them are in custody awaiting sentencing, Khoroshev and others are still at large and the US is offering rewards of up to $10 million for information that leads to their capture.

One LockBit affiliate who had been living in Canada was sentenced to nearly four years in prison earlier this year.

Some hackers involved in LockBit attacks have been charged by the US for their role in other major cybercrime operations. 

The LockBit ransomware group is said to have attacked more than 2,500 entities across 120 countries worldwide, including 1,800 in the US. LockBit members obtained at least $500 million in ransom payments from victims, and authorities say they caused billions of dollars in other losses.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
