A dual Russian-Israeli national has been charged in connection with the LockBit ransomware group, which has targeted thousands of victims worldwide, including hospitals.
Rostislav Panev, 51, was arrested in Israel in August and is awaiting extradition to the U.S., according to a Dec. 20 news release from the U.S. Department of Justice.
Mr. Panev is accused of serving as a developer for LockBit since its inception in 2019, helping to create malware that enabled the group to execute ransomware attacks on over 2,500 victims across 120 countries, including 1,800 in the U.S. Victims included hospitals, schools, critical infrastructure, and government agencies, resulting in at least $500 million in ransom payments and billions in damages, according to the U.S. Department of Justice.
The complaint alleges Mr. Panev developed and maintained LockBit's infrastructure, including coding tools to disable antivirus software and deploying malware across victim networks. He also allegedly managed a dark web repository containing LockBit's ransomware builder and other tools, and communicated directly with the group's administrator, Dmitry Yuryevich Khoroshev, also known as "LockBitSupp."
U.S. authorities also uncovered evidence of cryptocurrency transfers totaling over $230,000 from LockBit's administrator to Mr. Panev between 2022 and 2024, laundered through illicit mixing services. Mr. Panev admitted to Israeli authorities that he received these payments for coding and consulting work for LockBit, including developing malware to print ransom notes and providing technical guidance.
The Justice Department has now charged seven members of the LockBit group, arresting three, as part of its broader efforts to dismantle the organization.