Thought Leadership
A major blow against cybercrime: Rostislav Panev, a 51-year-old citizen of Russia and Israel, has been extradited from Israel to the United States. He is accused of having worked as a developer for the notorious ransomware group LockBit.
According to court documents, Panev worked as a developer for LockBit from 2019 to February 2024. During this time, LockBit developed into one of the most dangerous and active ransomware groups in the world. Developers like Panev played a central role: they programmed the malicious code, maintained the infrastructure and supported the cybercriminals with technological expertise.
LockBit’s mode of operation was based on the so-called ransomware-as-a-service (RaaS) model. External actors, known as affiliates, were able to use LockBit’s tools and infrastructure to carry out their own attacks. A portion of the extorted funds then flowed back to the operators of the group.
According to the US Department of Justice, LockBit attacked more than 2,500 organizations in at least 120 countries. The USA was particularly affected, with around 1,800 victims. The targets included not only private individuals and small businesses, but also international corporations, hospitals, schools, NGOs, government institutions and law enforcement agencies.
In total, LockBit’s extortions are said to have generated more than 500 million US dollars. Panev himself is said to have received cryptocurrencies worth around 230,000 US dollars for his activities between June 2022 and February 2024.
The arrest in Israel
The Israeli authorities arrested Panev in August 2024. When investigators searched his computer, they found access data to a protected online repository on the darknet. This contained various versions of the LockBit source code, which attackers could use to create customized ransomware.
In addition, the investigators discovered the source code for LockBit’s StealBit tool, which was used to exfiltrate data, as well as access data for the group’s internal control panel. Direct messages between Panev and another high-ranking administrator were also recovered.
The US authorities have been searching for members of LockBit for years. So far, seven suspected members of the group have been charged.
The US State Department is offering up to 10 million US dollars via the “Transnational Organized Crime (TOC) Rewards Program” for information leading to the identification and arrest of further LockBit key figures. Up to 5 million US dollars are offered for information leading to the capture of affiliates.
The fight against LockBit and similar cyber threats is therefore far from over. The investigations continue.
