Recently, a dual Russian and Israeli national, Rostislav Panev, 51, has been extradited to the United States to face charges as a key developer of the notorious LockBit ransomware group. The announcement, made by United States Attorney John Giordano, marks a critical step in dismantling one of the world’s most prolific ransomware operations.
Panev’s extradition follows his August arrest in Israel, acting on a U.S. provisional arrest request. He appeared before U.S. Magistrate Judge André M. Espinosa, where he was detained pending trial.
“Rostislav Panev’s extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice,” stated U.S. Attorney Giordano. “Even as the means and methods of cybercriminals become more sophisticated, my Office and our FBI, Criminal Division, and international law enforcement partners are more committed than ever to prosecuting these criminals.”
The LockBit group, active since 2019, has wreaked havoc across the globe, attacking over 2,500 victims in at least 120 countries, including 1,800 in the United States. Victims ranged from individuals and small businesses to critical infrastructure, including hospitals, schools, and government agencies. The group is estimated to have extracted at least $500 million in ransom payments, causing billions in additional losses.
Panev, according to the superseding complaint, was a key “developer” who designed the LockBit malware code and maintained the group’s infrastructure. This included creating tools like the StealBit tool, designed to exfiltrate stolen data, and managing the LockBit control panel, a dark web dashboard used by affiliates to launch attacks.
“No one is safe from ransomware attacks, from individuals to institutions,” said Acting Special Agent in Charge of the FBI Newark Division Terence G. Reilly. “Along with our international partners, the FBI continues to leave no stone unturned when it comes to following LockBit’s trail of destruction. We will continue to work tirelessly to prevent actors, such as Panev, from hacking their way to financial gain.”
Evidence presented in court documents and the superseding complaint reveals Panev’s direct communication with Dimitry Yuryevich Khoroshev (LockBitSupp), the alleged primary administrator of LockBit, discussing the development of the LockBit builder and control panel. Furthermore, cryptocurrency transfers amounting to over $230,000 from Khoroshev to Panev were identified, indicating a clear financial relationship.
During interviews with Israeli authorities, Panev admitted to performing coding, development, and consulting work for LockBit, including developing code to disable antivirus software, deploy malware, and print ransom notes.
This extradition follows a significant disruption of LockBit’s operations in February 2024 by the U.K. National Crime Agency, in cooperation with the U.S. Justice Department and other international partners. Authorities seized websites and servers used by LockBit, significantly impacting their ability to launch attacks.
The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program is offering substantial rewards for information leading to the arrest and/or conviction of key LockBit figures, including up to $10 million for information on Khoroshev and Mikhail Matveev.
