Russian-Israeli worked for ‘one of most prolific’ cybercrime groups, per unsealed US charges

(JNS) — The U.S. Justice Department unsealed charges on Friday that it filed in September against Rostislav Panev, 51, a Russian and Israeli citizen who, it says, was a developer in a ransomware group called LockBit.

Panev was arrested in August in Israel, where he remains in custody. Washington is seeking his extradition.

“The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks but also finding and bringing to justice the individuals responsible for building and running them,” stated Merrick Garland, the U.S. attorney general.

“Three of the individuals who we allege are responsible for LockBit’s cyberattacks against thousands of victims are now in custody, and we will continue to work alongside our partners to hold accountable all those who lead and enable ransomware attacks,” he added.

Christopher Wray, director of the FBI, called LockBit “one of the most prolific ransomware variants across the globe.” (The Justice Department also called it “the most damaging ransomware group in the world.”)

“The LockBit group has targeted both public and private sector victims around the world, including schools, hospitals, and critical infrastructure, as well as small businesses and multinational corporations,” he stated.

Per the 48-page complaint filed with the U.S. District Court for the District of New Jersey, Panev was a LockBit developer from the start of the ransomware group, around 2019, until February 2024.

“The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States,” per the Justice Department. “LockBit’s members extracted at least $500 million in ransom payments from their victims and caused billions of dollars in other losses, including lost revenue and costs from incident response and recovery.” (At least 55 of the victims were based in New Jersey, per the complaint.)

Ransomware, per the complaint, “is a type of malware used by cybercriminals to encrypt data stored on a victim’s computer system, leaving that data inaccessible to, and unusable by, the victim, or to transmit data stored on a victim system to a remote computer, or both, in an effort to extort a ransom payment.”

When Israeli authorities searched Panev’s residence in Israel on Aug. 12, they found “overwhelming evidence further establishing Panev’s role as a LockBit developer — and, specifically, as a developer of code for multiple LockBit builders and other critical LockBit facilities,” per the complaint.

“Court documents further indicate that, between June 2022 and February 2024, the primary LockBit administrator made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev,” the Justice Department stated. “Those transfers amounted to over $230,000 during that period.”

Panev admitted to Israeli law enforcement that he had coded, developed and consulted for LockBit and that he was paid regularly, per the Justice Department.

“Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software, to deploy malware to multiple computers connected to a victim network and to print the LockBit ransom note to all printers connected to a victim network,” it stated. “Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.”

Among the victims who paid LockBit ransom, per the complaint, was a law enforcement agency in New Jersey, which in 2021 paid the group the equivalent of $85,430 in Bitcoin. A Utah business paid about $1.19 million in 2021, and a Kentucky corporation paid about $4.96 million in 2023.

“Panev claimed — dubiously, in the assessment of U.S. authorities, given the nature of the services he acknowledged providing from the very beginning of his work for LockBit and his own extensive familiarity with computer science, hacking and cybercrime, as discussed in this affidavit — that he at first did not realize that the work he was doing for LockBit was unlawful,” per the complaint.

The Justice Department stated that Panev “admitted, however, that at a certain point, he understood that he was involved with unlawful activity. Panev admitted that he continued working for the LockBit group, in sum and substance, ‘for the money.’”