FBI has arrested Rostislav Panev, a 51-year-old dual Russian-Israeli national, for his alleged role as a developer within the notorious LockBit ransomware group. Panev’s arrest in Israel, following a U.S. provisional arrest request, marks a pivotal moment in ongoing efforts to dismantle one of the most prolific ransomware operations in history.
Panev remains in custody in Israel, pending extradition to the United States to face charges detailed in a superseding criminal complaint unsealed in the District of New Jersey.
A Multinational Effort to Combat Ransomware
The U.S. Department of Justice (DOJ) hailed Panev’s arrest as a landmark achievement in the global fight against ransomware. “The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks but also finding and bringing to justice the individuals responsible for building and running them,” stated Attorney General Merrick B. Garland.
Panev is the third LockBit-associated actor to be apprehended this year, reflecting coordinated international efforts to combat ransomware threats. According to Deputy Attorney General Lisa Monaco, the arrest underscores the DOJ’s resolve to leverage all available tools to address this escalating threat. “This case is a model for ransomware investigations in the years to come,” Monaco emphasized.
FBI Director Christopher Wray echoed these sentiments, highlighting the devastating impact of LockBit’s activities. “LockBit has targeted both public and private sector victims worldwide, including schools, hospitals, and critical infrastructure. No matter how advanced the threat, the FBI remains committed to safeguarding the cyber ecosystem,” Wray stated.
LockBit’s Reign of Cyberterror
From its inception in 2019, the LockBit ransomware group emerged as one of the most destructive cybercrime entities, responsible for over 2,500 attacks across 120 countries. Their victims ranged from small businesses and nonprofits to multinational corporations, schools, and government agencies.
LockBit affiliates reportedly extorted more than $500 million in ransom payments, causing billions of dollars in damages, including lost revenue and recovery costs. Panev’s role within this operation was critical; he allegedly developed malware, built infrastructure, and provided technical expertise that enabled LockBit affiliates to carry out attacks.
Court documents reveal that Panev’s computer, seized during his August arrest, contained source code for LockBit’s ransomware builder and its StealBit data exfiltration tool. These tools were instrumental in enabling affiliates to generate customized ransomware builds and steal sensitive victim data. Additionally, Panev maintained administrator credentials for LockBit’s control panel, a dark web dashboard used to manage ransomware attacks.
Panev’s Involvement and Admissions
Following his arrest, Panev reportedly admitted to coding, consulting, and developing for LockBit. He disclosed receiving over $230,000 in cryptocurrency payments from the group between June 2022 and February 2024. Among his contributions, Panev developed code to disable antivirus systems, deploy malware across networks, and print ransom notes on victim organizations’ printers.
Broader Efforts to Dismantle LockBit Ransomware
Panev’s arrest follows a February 2024 disruption of LockBit’s operations, spearheaded by the U.K.’s National Crime Agency (NCA) Cyber Division in collaboration with the DOJ, FBI, and other international partners. This operation included the seizure of LockBit’s public-facing websites and critical servers, significantly impairing its ability to launch attacks.
Panev is the latest of seven LockBit members charged in the U.S. Others include Dmitry Yuryevich Khoroshev, the group’s alleged leader, and Mikhail Vasiliev and Ruslan Astamirov, affiliates who pleaded guilty in July. Despite these successes, key members like Khoroshev remain at large.
The DOJ has announced rewards of up to $10 million for information leading to the arrests of Khoroshev, Mikhail Matveev (another LockBit actor), or other leaders within the ransomware group.
Ransomware on the Global Stage
LockBit’s reach demonstrates the increasing sophistication and global scope of ransomware operations. The group’s attacks on critical infrastructure and public services underline the urgent need for international cooperation in cybersecurity enforcement.
“This case is another blow against LockBit,” remarked U.S. Attorney Philip R. Sellinger of the District of New Jersey. “We will continue our efforts relentlessly until the group is fully dismantled and its members brought to justice.”
What’s Next for Panev?
If extradited to the U.S., Panev will face charges for his role in building and maintaining LockBit’s malware arsenal. His case could set a precedent for prosecuting cybercriminals operating across borders and highlight the growing importance of international partnerships in combating cyber threats.
Authorities are encouraging victims of LockBit ransomware to contact the FBI and provide information to assist in the broader investigation. As the U.S. and its partners intensify their pursuit of ransomware actors, Panev’s apprehension serves as a stark warning to cybercriminals worldwide: no matter where they operate, justice will find them.
