A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme.
Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019 to February 2024, when the operation’s online infrastructure was seized in a law enforcement exercise.
“Rostislav Panev’s extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice,” said United States Attorney John Giordano.
LockBit grew to become one of the most prolific ransomware groups, attacking more than 2,500 entities in at least 120 countries around the world. Nearly 1,800 of those were located in the United States.
Victims consisted of individuals and small businesses to multinational corporations, including hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.
The syndicate’s cybercrime spree has netted at least $500 million in illicit profits, causing billions of dollars to victims in the form of lost revenue and costs from incident response and recovery.
Panev, in his role as a developer of LockBit, was responsible for designing and maintaining the locker’s codebase, earning approximately $230,000 between June 2022 and February 2024.
“Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network,” the Justice Department said.
“Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.”
Besides Panev, six other LockBit members, Mikhail Vasiliev, Ruslan Astamirov, Artur Sungatov, Ivan Gennadievich Kondratiev, Mikhail Pavlovich Matveev, and Dmitry Yuryevich Khoroshev, have been charged in the U.S. Khoroshev has also been outed as LockBit’s administrator, going by the online alias LockBitSupp.
In addition, Khoroshev, Matveev, Sungatov, and Kondratyev have been sanctioned by the Department of the Treasury’s Office of Foreign Assets Control (OFAC) for their roles in launching cyber attacks.
