LockBit Ransomware Developer Arrested in Israel

NEWS BRIEF

A newly unsealed criminal complaint by US law enforcement shows they have been working to dismantle the LockBit ransomware-as-a-service group for several years, including a previously undisclosed arrest of one of the operation's lead developers in Israel last August.

Rostislav Panev, a 51-year-old with dual Russian-Israeli citizenship, is facing extradition to the US to face charges along with two others accused of similarly working for LockBit, not just to develop the ransomware itself but also tools used by affiliates. For his part, Panev is accused of working on LockBit ransomware from its beginnings in 2019, eventually creating one of the most prolific ransomware operations in the world, according to the Justice Department's statement about the arrest.

Panev, according to the Justice Department, at the time of his arrest had admin credentials for LockBit's Dark Web online repository with the ransomware's source code, as well as the source code for an affiliate tool called "StealBit" used to exfiltrate stolen data. His laptop also had he access credentials for the LockBit control panel used by affiliates. The Justice Department's statement adds that Panev confessed to his role in the LockBit ransomware operation.

"The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks, but also finding and bringing to justice the individuals responsible for building and running them," Attorney General Merrick Garland said in a statement about the arrests. "Three of the individuals who we allege are responsible for LockBit’s cyberattacks against thousands of victims are now in custody, and we will continue to work alongside our partners to hold accountable all those who lead and enable ransomware attacks."