US Charges Dual Russian-Israeli National in Connection with LockBit Ransomware Group

U.S. authorities have charged Rostislav Panev, a dual Russian and Israeli national, for his alleged involvement with the LockBit ransomware group.

The Department of Justice (DOJ) announced the charges on Friday and seeks Panev’s extradition. U.S. Attorney Philip R. Sellinger unsealed the criminal complaint in the District of New Jersey on December 20.

LockBit Ransomware Tools Developer Arrested in Israel: Panev Awaits Extradition to the U.S

Rostislav Panev, 51, was arrested in Israel in August following a U.S. request for provisional arrest with the intent of extradition.

Panev, identified as a key developer for the LockBit group, remains in custody in Israel as extradition proceedings continue.

Panev is accused of developing and maintaining LockBit’s tools to conduct ransomware attacks worldwide.

He also allegedly develops malware to disable antivirus protections, infiltrate victim networks, and print ransom notes on connected devices.

Law enforcement also found evidence linking Panev to cryptocurrency payments exceeding $230,000, which he had allegedly received for his work with the group.

LockBit has been linked to numerous ransomware attacks targeting high-profile organizations. Victims include Boeing Co., the Industrial Commercial Bank of China, and the UK Royal Mail.

Ransomware attacks by groups like LockBit typically involve hackers encrypting victims’ data or disabling systems. Victims are then forced to pay a ransom to regain access.

Panev’s lawyer, Sharon Nahari, stated that Panev worked as a professional software developer. She claimed Panev communicated with LockBit via Telegram and created tools for the group without knowing their intended use.

Nahari added that Panev has cooperated with law enforcement and provided information about his involvement.

Authorities have intensified their efforts against LockBit in recent months. In February, U.S. and UK law enforcement agencies seized servers and websites used by the group and its affiliates.

Investigators also recovered victim data and thousands of decryption keys. Officials urged affected victims to contact them for assistance in recovering stolen information.

The $10 Million Manhunt: Who Is LockBit’s Alleged Operator, Dmitry Khoroshev?

LockBit, a ransomware group active since 2019, has attacked over 2,500 victims in 120 countries, including 1,800 in the U.S. Its targets span healthcare, education, critical infrastructure, and government sectors.

Affiliates use malware to encrypt networks, demanding ransoms and threatening to leak stolen data.

Global law enforcement, including U.S. authorities, Israel, France, the U.K., and Europol, have intensified efforts to dismantle the group.

The U.K. National Crime Agency disrupted LockBit’s infrastructure earlier this year, seizing vital websites and servers.

Seven alleged members have been charged since 2023, including Russian citizen Mikhail Matveev, who was linked to the LockBit, Hive, and Babuk ransomware.

In February 2024, “Operation Cronos” hacked LockBit’s systems, recovering data, affiliate lists, and over 7,000 decryption keys. These keys helped victims bypass ransom payments.

This year, additional charges were filed against Russian nationals Artur Sungatov, Ivan Kondratiev, and Dmitry Khoroshev, known as “putinkrab,” LockBit’s alleged operator.

A $10 million reward is offered for Khoroshev’s capture.

Notably, in July, affiliates Ruslan Astamirov and Mikhail Vasiliev pleaded guilty.

LockBit remains a key focus for law enforcement, with ongoing international cooperation to dismantle its operations.