Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
A 51-year-old individual holding both Russian and Israeli citizenship, accused of being a developer linked to the LockBit ransomware group, has been extradited to the United States. This follows nearly three months after he was officially charged in relation to cybercrime activities.
Rostislav Panev was apprehended in Israel in August 2024. Reports suggest that he had been involved with the ransomware syndicate from 2019 until February 2024, when law enforcement authorities dismantled the group’s online infrastructure.
United States Attorney John Giordano reaffirmed the dedication to holding cybercriminals accountable, stating that Rostislav Panev’s extradition to the District of New Jersey serves as a clear message: anyone involved in the LockBit ransomware operation will be pursued and brought to justice by the United States.
LockBit Ransomware’s Impact
LockBit has been recognized as one of the most widespread ransomware groups, targeting over 2,500 organizations across at least 120 countries. Of these, nearly 1,800 were based in the United States.
Victims included individuals, small businesses, multinational corporations, hospitals, educational institutions, nonprofit organizations, government agencies, and law enforcement entities.
The cybercrime group’s activities resulted in substantial financial damage, with illicit profits exceeding $500 million. The overall economic impact on victims, including lost revenue and recovery costs, has been estimated in the billions.
Panev’s Role in LockBit Operations
As a developer for LockBit, Panev was responsible for coding and maintaining the ransomware’s core software. His earnings from these activities amounted to approximately $230,000 between June 2022 and February 2024.
The U.S. Department of Justice reported that Panev admitted to creating code for the LockBit group, which was designed to disable antivirus programs, spread malware across multiple devices within a targeted network, and send the LockBit ransom note to all printers connected to the affected system.
Additionally, Panev acknowledged writing and managing LockBit’s malware code and providing technical assistance to the group.
Other Individuals Charged
Panev is not the only individual facing charges in the U.S. for connections to LockBit. Six additional members—Mikhail Vasiliev, Ruslan Astamirov, Artur Sungatov, Ivan Gennadievich Kondratiev, Mikhail Pavlovich Matveev, and Dmitry Yuryevich Khoroshev—have also been charged.
Furthermore, Khoroshev has been identified as the administrator of LockBit, operating under the alias “LockBitSupp.”
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on Khoroshev, Matveev, Sungatov, and Kondratiev due to their involvement in cyberattacks.
