The U.S. Department of Justice has charged Rostislav Panev, a 51-year-old dual Russian-Israeli national, for his alleged role as a key developer of the notorious LockBit ransomware operation that caused billions in damages worldwide.
Panev, arrested in Israel this August and awaiting extradition to the U.S., allegedly earned around $230,000 between June 2022 and February 2024 for his work with the criminal enterprise. According to court documents, he served as a developer for LockBit since its creation in 2019 until February 2024.
The investigation revealed that Panev's computer contained administrator credentials for a dark web repository housing LockBit source code versions. Authorities also discovered access credentials for the LockBit control panel and StealBit, a tool used to extract sensitive data from compromised systems.
During interviews with Israeli authorities, Panev admitted to performing coding and development work for LockBit, including creating programs to disable antivirus software, deploy malware across networks, and print ransom notes to victims' printers. He also acknowledged receiving regular cryptocurrency payments for his services.
LockBit emerged as one of the most destructive ransomware groups, targeting over 2,500 organizations across 120 countries, with 1,800 victims in the U.S. alone. Their victims included hospitals, schools, government agencies, and critical infrastructure, netting the group an estimated $500 million in illicit profits.
The arrest comes as part of a broader international law enforcement campaign against LockBit. In February 2024, Operation Cronos successfully disrupted the group's infrastructure. Panev is the seventh LockBit member to face U.S. charges, joining others including Mikhail Vasiliev and Dmitry Yuryevich Khoroshev.
While LockBit operators have announced plans to release version 4.0 in February 2025, the recent wave of arrests and infrastructure takedowns has cast doubt on the group's ability to stage a successful comeback.
Panev's lawyer maintains that his client was merely a computer technician unaware of the criminal nature of his work, denying involvement in fraud, extortion, and money laundering activities.