The U.S. Department of Justice charged a Russian and Israeli national who claimed to have been a programmer for the notorious LockBit ransomware group in a 41-count indictment. Israeli authorities arrested 51-year-old Rostislav Panev, living in Haifa, Israel, in August 2024. An inspection of Panev’s computer showed that he had obtained credentials for a dark web database that contained the source code of several variants of the LockBit builder, which affiliates of the Ransomware-as-a-Service (RaaS) operation use to build customized variants of the LockBit encryptor. The repository also included exposed Conti ransomware source code and tools used by LockBit affiliates, including StealBit, malware for extracting files from victims’ systems. The computer also held credentials for the LockBit interface.
The U.S. Department of Justice states that Panev was a LockBit ransomware developer since the group appeared in 2019 and maintained the ransomware group’s system, which includes resources used by affiliates to deactivate anti-virus software, deploy malware throughout victims’ systems, and print ransom notes on all printers linked to victims’ systems. Besides developing the LockBit builder and administrative panel, Panev is purported to have been a consultant for the group and to have offered technical advice. Panev communicated directly with the ransomware group’s administrator, Russian national Dmitry Yurevich Khoroshev (aka LockBitSupp). Khoroshev sent $230,000 of laundered money to a cryptocurrency wallet owned by Panev from 2022 to 2024 as payment for his services, sending around $10,000 monthly. Panev confessed to Israeli officials that LockBit paid him for coding, programming, and advisory work.

For a few years, LockBit remained a high-profile ransomware group, executing more than 2,500 ransomware attacks in over 120 nations since 2019, including attacks on HIPAA-covered healthcare providers. The group is thought to have earned over $500 million in ransom payments. In February 2024, Operation Cronos, a global law enforcement operation, seized the LockBit infrastructure, including the decryption keys for about 7,000 victims. LockBit immediately recovered and stayed active, though attacks continued at a lower level after the infrastructure shutdown. The LockBit group recently hinted at the launch of LockBit 4.0, a new encryptor.
Panev is facing one count of conspiracy to commit wire fraud for intentionally conspiring with others in a plan to deceive victims, and one count of conspiracy to commit fraud and related activity in connection with computers for his role in creating tools used by other people to deliberately damage a protected computer without authorization. The remaining counts are 13 counts of deliberate damage to a protected computer associated with ransomware attacks on 13 U.S. victims from October 2021 to May 2024, 13 counts of extortion in relation to deliberate damage to a protected computer, and 13 counts of extortion in relation to data illegally extracted from a protected computer.
The Department of Justice has already charged 7 LockBit members, including Khoroshev, the group’s administrator, and three people have already been arrested. Khoroshev is thought to live in Russia, out of the reach of Western authorities. The U.S. International Department of the State Attorney’s Office in Israel has apparently petitioned the Jerusalem District Court to approve Panev’s extradition to the U.S. to face trial in the District of New Jersey.


