The US Department of Justice has unsealed charges against Rostislav Panev, a dual Russian-Israeli national, for his alleged role as a developer within the LockBit ransomware group. Panev is accused of creating software used by the group to disable antivirus programs, spread malware, and generate ransom notes. The charges follow a multi-year investigation into the ransomware group which emerged in 2019, which has targeted over 2,500 victims across 120 countries causing over $500 million in ransom payments. Panev was arrested in Israel in August and is awaiting extradition to the US.
The complaint against Panev claims that he developed and maintained the digital tools used by LockBit to carry out its attacks. Authorities found administrator credentials for LockBit’s infrastructure on his computer and source code for their ransomware. The ransomware group operates on a Ransomware-as-a-Service model, with affiliates executing the attacks after developers like Panev create the necessary tools. While law enforcement disrupted some of LockBit's infrastructure in February, the group managed to relaunch soon after, and many affiliates are still at large.