Exclusive: US DOJ Charges Russian-Israeli National for Developing LockBit Ransomware Tools
In an exclusive investigation, lockbitdecryptor has obtained detailed insights into the recent charges filed by the U.S. Department of Justice (DOJ) against Rostislav Panev, a Russian-Israeli dual national accused of playing a pivotal role in the development of the infamous LockBit ransomware. Panev, 51, was arrested in Israel in August and now faces extradition to the United States.
Unveiling Panev’s Role in LockBit Operations
According to the criminal complaint unsealed in the District of New Jersey, Panev’s contributions to the LockBit ransomware operation were substantial. Evidence found on his computer includes:
- Administrator credentials for an online repository on the dark web containing source code for multiple versions of LockBit ransomware encryptors.
- Source code for the StealBit data-theft tool, widely used in ransomware attacks to exfiltrate victim data.
- Credentials granting access to LockBit’s control panel, an operational dashboard for affiliates to manage attacks and victims.
The repository also contained the source code for Conti ransomware, leaked in the aftermath of Conti siding with Russia during the Ukraine invasion. This code reportedly inspired the creation of “LockBit Green,” an advanced version of LockBit encryptors.
Panev admitted to conducting programming work for LockBit during his interrogation by Israeli authorities. Between June 2022 and February 2024, he allegedly received over $230,000 in cryptocurrency payments laundered through mixing services.
Connections to LockBit Leadership
Panev’s communications with LockBit’s alleged leader, Dmitry Yuryevich Khoroshev (known as LockBitSupp), were reportedly uncovered through private messages exchanged on a hacking forum. These messages detailed programming work for the LockBit builder and the operation’s control panel.
Khoroshev, who remains a fugitive, is believed to have orchestrated payments to Panev. Law enforcement agencies have identified him as a central figure in the ransomware group, and the U.S. Department of State has issued a $10 million reward for information leading to his capture.
A Broader Crackdown on LockBit
Panev’s arrest and pending extradition mark the latest in a series of significant disruptions to the LockBit ransomware operation:
- Operation Cronos (February 2024): A multi-nation effort dismantled LockBit infrastructure, recovering over 7,000 decryption keys that allowed victims to restore their data without paying ransoms.
- Global Prosecutions: Seven LockBit members, including affiliates and developers, have faced charges since 2023, with several pleading guilty.
Despite these setbacks, LockBit remains a formidable threat. As our team exclusively revealed earlier, the group is planning a resurgence with the launch of LockBit 4.0 on February 3, 2025.
Implications for Cybersecurity
The arrest of Panev underscores the critical importance of international collaboration in combating ransomware threats. However, the persistence of LockBit and their forthcoming version demonstrates the group’s resilience and adaptability.
lockbitdecryptor will continue to monitor and report on the developments surrounding LockBit and its affiliates, ensuring our readers stay informed and prepared against evolving ransomware threats.