LockBit Ransomware Developer Arrested in Israel at Request of US – Source: www.securityweek.com

The US Department of Justice has unsealed charges against a man with dual Russian and Israeli nationality accused of being involved in the development of the LockBit ransomware.

The suspect, 51-year-old Rostislav Panev, was arrested in Israel in August based on a request from the United States. Panev is currency in custody in Israel pending extradition to the US. 

According to court documents, the man is accused of working as a LockBit ransomware developer from the group’s inception in 2019 until at least February 2024, when law enforcement announced dealing a major blow to the cybercrime operation after hacking its infrastructure.

Authorities say developers like Panev created the LockBit malware’s code and maintained the associated infrastructure. 

The evidence against the man includes credentials found on his computer at the time of his arrest, which provided access to a repository hosting LockBit source code, as well as credentials for the LockBit control panel.

Investigators also found that Panev exchanged private messages on a cybercrime forum with LockBitSupp, LockBit’s main administrator, who authorities say is Russian national Dmitry Yuryevich Khoroshev. Khoroshev was unmasked and charged by the US in May. 

Authorities discovered that Khoroshev made payments to a cryptocurrency wallet owned by Panev between June 2022 and February 2024. Panev received roughly $10,000 worth of cryptocurrency per month, for a total of $230,000.  

According to the DoJ, Panev admitted to Israeli authorities that he had been paid by the LockBit group for coding, development and consulting services. 

“Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network. Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group,” the DoJ said.

The US has, to date, charged seven individuals believed to have been involved in the LockBit operation. While some of them are in custody awaiting sentencing, Khoroshev and others are still at large and the US is offering rewards of up to $10 million for information that leads to their capture.

One LockBit affiliate who had been living in Canada was sentenced to nearly four years in prison earlier this year.

Some hackers involved in LockBit attacks have been charged by the US for their role in other major cybercrime operations. 

The LockBit ransomware group is said to have attacked more than 2,500 entities across 120 countries worldwide, including 1,800 in the US. LockBit members obtained at least $500 million in ransom payments from victims, and authorities say they caused billions of dollars in other losses.

Related: Cl0p Ransomware Group Takes Credit for Cleo Exploitation

Related: LockBit Ransomware Again Most Active – Real Attack Surge or Smokescreen?

Related: FBI Says It Has 7,000 LockBit Ransomware Decryption Keys