Alleged LockBit Ransomware Developer Arrested in Israel; Awaits Extradition

The US Department of Justice (DoJ) has charged a dual Russian-Israeli citizen in the US for his alleged role as a developer for the now-defunct ransomware-as-a-service (RaaS) LockBit.

51-year-old Rostislav Panev, who was apprehended in Israel in August 2024, is now awaiting extradition, according to a DoJ statement.

Decoding Panev’s role

The accused, described by prosecutors as critical to LockBit’s operation since it surfaced in 2019, allegedly developed the digital infrastructure that enabled threat actors to compromise systems worldwide.

Panev is accused of giving affiliates access to ransomware builders, control panels and data exfiltration tools.

“As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” said US Attorney Philip R. Sellinger for the District of New Jersey.

LockBit’s reign of terror

During its runtime, LockBit was among the most notorious ransomware operations, having targeted over 2,500 entities in 120 countries, including hospitals, schools, critical infrastructure and government agencies.

Under a RaaS model, the cybercrime syndicate provided threat actors with an all-in-one environment for carrying out ruthless ransomware campaigns in exchange for a share of the profits.

The malicious operation amassed at least $500 million in ransom payments, leaving numerous victims scrambling to recover from data breaches and encrypted systems.

A global law enforcement effort, dubbed Operation Cronos, dismantled the group’s infrastructure in February 2024, but remnants of its network remain a concern.

Tying Panev to the crime scene

Panev’s arrest yielded a trove of evidence linking him directly to LockBit’s inner machinations, including administrator credentials for a dark web repository harboring ransomware source code, data exfiltration tools and other hacking essentials.

The suspect is also accused of collaborating with Dmitry Yuryevich Khoroshev, known as “LockBitSupp,” on developing ransomware builders and operational tools.

Perhaps most damning, Panev admitted to Israeli authorities that he had written code for LockBit, including programs designed to disable antivirus systems and deploy malware to victim networks. He also confessed to creating functionality to print ransom notes across all connected printers—a chilling hallmark of LockBit attacks.

Staying ahead of ransomware attacks

Safeguarding your systems against ransomware attacks like LockBit can be daunting without a comprehensive security solution. Bitdefender Ultimate Security helps you detect and deter ransomware, viruses, Trojans, zero-day exploits, worms, rootkits, spyware, and other digital intrusions.

Key features include multi-layer ransomware protection, comprehensive, real-time data protection, network threat prevention, behavioral detection to monitor active apps, AI-assisted scam protection, email protection and cryptojacking protection.