Alleged LockBit Ransomware Developer Extradited to the U.S. for Cybercrime Charges

A 51-year-old dual Russian and Israeli national, accused of being a key developer for the LockBit ransomware group, has been extradited to the United States nearly three months after facing formal charges related to the global cybercrime operation.

Arrest and Extradition

Rostislav Panev was apprehended in Israel in August 2024 and has now been extradited to the District of New Jersey to face prosecution. According to U.S. authorities, Panev was actively involved in LockBit's operations from 2019 until February 2024, when a multinational law enforcement effort took down the group's online infrastructure.

"Rostislav Panev's extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice," said U.S. Attorney John Giordano.

The LockBit Ransomware Operation

LockBit has been recognized as one of the most notorious ransomware gangs, responsible for over 2,500 cyberattacks across at least 120 countries. Nearly 1,800 of these attacks targeted victims within the United States, ranging from small businesses to multinational corporations.

The group has inflicted damage on hospitals, schools, nonprofit organizations, critical infrastructure, and government agencies, extorting ransoms and disrupting operations. It is estimated that LockBit’s cyberattacks have generated at least $500 million in illegal profits while causing billions of dollars in damages related to lost revenue, incident response, and recovery efforts.

Panev’s Role in LockBit

As a key developer for the ransomware syndicate, Panev played a pivotal role in advancing LockBit’s malicious software. His work focused on designing and maintaining ransomware code, with financial records indicating he earned approximately $230,000 between June 2022 and February 2024.

According to the U.S. Department of Justice, Panev contributed to:

• Developing code that disabled antivirus and security software on victim networks.

• Creating malware designed to spread across multiple computers within a targeted network.

• Implementing a feature that printed the LockBit ransom note on all available printers within an infected system.

• Providing technical guidance and support to the LockBit cybercriminal group.

Legal Actions Against LockBit Members

Panev is not the only LockBit affiliate facing legal consequences. To date, six other individuals have been charged in the U.S. for their roles in LockBit operations:

• Mikhail Vasiliev

• Ruslan Astamirov

• Artur Sungatov

• Ivan Gennadievich Kondratiev

• Mikhail Pavlovich Matveev

• Dmitry Yuryevich Khoroshev (allegedly the group’s administrator, known as "LockBitSupp")

Additionally, Khoroshev, Matveev, Sungatov, and Kondratiev have been sanctioned by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) for their roles in orchestrating ransomware attacks.

Global Efforts Against Cybercrime

Panev’s extradition marks a significant milestone in the international crackdown on ransomware gangs. The U.S. and its allies continue to collaborate in identifying, prosecuting, and sanctioning individuals involved in cyber extortion schemes. The case underscores the increasing legal risks cybercriminals face, even those operating from countries known for harboring ransomware groups.

As ransomware attacks remain a significant threat to global cybersecurity, law enforcement agencies continue to dismantle illicit networks and bring perpetrators to justice.