A Russian-Israel ransomware developer arrested in Israel is facing extradition to the United States of America for hacking and extortion charges, the Israeli Justice Ministry and American Justice Department announced at the end of last week.
Rostislav Panev, 51, was arrested in Israel in August in relation to allegations that he was a developer of the LockBit software and maintained infrastructure for the LockBit ransomware group, a hacker group that had allegedly attacked 2,500 victims around the world and extorted at least $500 million in ransom payments and caused billions of dollars in damages.
The Justice Ministry lifted a publication ban on Thursday that the State Attorney's Office had filed in October a petition to the Jerusalem District Court for Panev's extradition to the America. The hearing for the extradition petition is set for January 5.
Between 2019 and 2024, Panev allegedly earned $230,000 worth of Bitcoin for serving as the extortion racket's software developer, said the Justice Ministry. The Justice Department said Friday that Israeli law enforcement had discovered administrator credentials for an online repository that stored Lockbit source code to allow affiliates to generate custom LockBit builds for particular victims. The StealBit tool, which allegedly helped members exfiltrate data stole in LockBit attacks, was also discovered in repository.
Panev reportedly admitted to Israeli authorities that he had performed coding, development, and consulting work for the LockBit group. He admitted, according to the department, that he had developed code to allow the ransomware to disable antivirus software, deploy across devices connected to a victims computers, and to print ransom notes from connected printers.
The Justice Department unsealed its complaint against Panev on Friday, detailing 41 separate charges for conspiracy to commit computer fraud, conspiracy to commit wire fraud, intentional damage to a protected computer, extortion in relation to information unlawfully obtained from a protected computer, and extortion in relation to intentional damage to protected computers.
Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” New Jersey District US Attorney Philip Sellinger said in a press release. “But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”
The victims and perpetrators
The unsealed complaint detailed that about 1,800 victims had been targeted by Lockbit in the US, of which 55 resided in New Jersey. Major multinational corporations, small businesses, individuals, hospitals, schools, nonprofit organizations, critical infrastructure facilities, and government and law-enforcement agencies have been targeted in countries including the United Kingdom, Israel, France, Australia, Germany, Argentina, Kenya, Switzerland, Finland, the Netherlands, Japan, Canada, Spain, Italy, and China.
Many of the alleged LockBit members are Russian nationals. LockBit affiliate members Mikhail Vasiliev and Ruslan Astamirov plead guilty to participation in the group in July. Indictements were unsealed in 2023 and 2024 against alleged members Artur Sungatov, Ivan Kondratyev, Mikhail Matveev, who remain at large.
In May an indictment was unsealed alleging that Dmitry Yuryevich Khoroshev was the group's primary creator, developer, and administrator. The US State Department Transnational Organized Crime (TOC) Rewards Program is offering up to $10 Million for information leading to the arrest of Khoroshev, who remains at large. All of the identified members have reportedly all been sanctioned by the US.