The US government has charged a dual Russian and Israeli national with allegedly building and maintaining LockBit’s malware code, while receiving over $230,000 in cryptocurrency for his work. The 51-year-old Rostislav Panev was arrested in Israel pending extradition to the US, making him the third member of the LockBit ransomware group in custody.
Authorities previously arrested other alleged members of the LockBit group, including Mikhail Vasiliev and Ruslan Magomedovich Astamirov, both of whom have pleaded guilty to various charges, including conspiracy to commit computer fraud.
Authorities are still searching for Lockbit’s alleged ringleader, Dmitry Khoroshev, with a reward worth up to $10 million. The DOJ claimed in May that “Khoroshev alone allegedly received at least $100 million in disbursements of digital currency through his developer shares of LockBit ransom payments,” based on a 20 percent share of ransom payments extorted by affiliates who used the group’s software.
As outlined in the complaint, Panev is accused of working as a developer for LockBit since the group first formed in 2019, helping to wage ransomware attacks on hundreds of entities around the globe, including hospitals, businesses, government agencies, and more.
Law enforcement linked Panev to LockBit after finding login credentials on his computer for a dark web repository housing “multiple versions of the LockBit builder,” which is the tool that allowed members “to generate custom builds of the LockBit ransomware malware for particular victims.”
Panev allegedly admitted to writing and maintaining LockBit’s malware code in interviews with the Israeli police. Some of the code he’s said to have created can disable Windows Defender antivirus software, run malware on multiple computers on a network, and print LockBit’s ransom note on all the printers in a victim’s network. Panev claimed he didn’t realize he was involved in illegal activity at first, according to the complaint.
