A 51-year-old dual Russian-Israeli national, accused of playing a key role in the LockBit ransomware syndicate, has been extradited to the United States. Nearly three months after being formally charged, authorities have secured the transfer of Rostislav Panev, a developer linked to the notorious ransomware gang.
Panev was arrested in Israel in August 2024 and is alleged to have worked as a developer for LockBit from 2019 until February 2024. His arrest follows a major law enforcement crackdown that dismantled the group’s online infrastructure, striking a significant blow to one of the most prolific ransomware operations in history.
“Rostislav Panev’s extradition to the District of New Jersey sends a strong message: if you are involved in the LockBit ransomware conspiracy, the U.S. will track you down and bring you to justice,” said U.S. Attorney John Giordano.
LockBit has emerged as one of the most aggressive ransomware groups, carrying out cyberattacks on over 2,500 entities across 120 countries. The impact in the U.S. has been particularly severe, with nearly 1,800 victims, including small businesses, multinational corporations, hospitals, schools, government agencies, and law enforcement organizations.
The ransomware gang has accumulated at least $500 million in illegal profits, causing billions in losses through stolen revenue, ransom payments, and costly recovery efforts.
Panev’s Role in LockBit’s Ransomware Cyber Attacks
As a developer, Panev was instrumental in building and maintaining the malicious codebase used in LockBit’s ransomware attacks. His responsibilities included:
- Developing code to disable antivirus software, making it easier to infect systems.
- Designing malware that could spread across networks, infecting multiple computers simultaneously.
- Creating scripts that forced all connected printers on victim networks to print ransom notes, increasing the pressure to pay.
- Writing and maintaining LockBit malware while providing ongoing technical support to the group.
Between June 2022 and February 2024, Panev reportedly earned approximately $230,000 for his contributions to LockBit.
U.S. Crackdown on LockBit and Its Members
Panev is not the only LockBit affiliate facing legal consequences. Authorities have charged six other members of the ransomware gang in connection with the operation:
- Mikhail Vasiliev
- Ruslan Astamirov
- Artur Sungatov
- Ivan Gennadievich Kondratiev
- Mikhail Pavlovich Matveev
- Dmitry Yuryevich Khoroshev (identified as the group’s administrator, known online as LockBitSupp)
In addition, Khoroshev, Matveev, Sungatov, and Kondratiev have been sanctioned by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) for their involvement in cyberattacks.
The U.S. continues to ramp up efforts to dismantle ransomware operations, actively targeting cybercriminals behind these lucrative extortion schemes. As law enforcement agencies collaborate globally, the pressure on cybercrime groups like LockBit is intensifying.
With Panev now in U.S. custody, authorities are expected to pursue further legal actions against those facilitating cyber extortion and critical infrastructure attacks. The crackdown underscores a clear message: ransomware developers and affiliates are no longer untouchable.
