US charges Russian-Israeli as suspected LockBit ransomware coder

The US Department of Justice has charged a Russian-Israeli dual national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group.

According to a criminal complaint unsealed today in the District of New Jersey, Rostislav Panev, 51, a dual Russian and Israeli national, allegedly helped develop LockBit ransomware encryptors and a custom “StealBit” data-theft tool commonly used in attacks.

Panev was arrested in Israel in August, where he awaits a pending extradition request by the US. Israeli news site Ynet first reported on the arrest.

The criminal complaint alleges that Israeli law enforcement found credentials on his computer to an online repository containing the source code for the LockBit encryptors and the StealBit tool.

“As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims,” reads the complaint.

“On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks. Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.”

LockBit ransomware source code repository accessed from Panev's credentials
Source: Criminal Complaint

The repositories also contained the source code for the Conti ransomware encryptors, which was leaked by a Ukrainian researcher after Conti sided with Russia over the invasion of Ukraine.

This source code is believed to have been used to help create the “LockBit Green” encryptor, which was based on Conti’s encryptor.

The complaint also says that Panev used a hacking forum’s private message feature to communicate with LockBit’s main operator, LockBitSupp, now identified as Dmitry Yuryevich Khoroshev. These messages were to discuss work that needed to be coded on the LockBit builder and the operation’s control panel.

For his work with the LockBit ransomware gang, Panev allegedly earned roughly $230,000 over 18 months.

“Court documents further indicate that, between June 2022 and February 2024, the primary LockBit administrator made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev,” alleged the DOJ announcement.

“Those transfers amounted to over $230,000 during that period.”

In interviews with Israeli police following his arrest, Panev allegedly admitted to doing programming work for the LockBit ransomware and receiving compensation for his time.

If Panev is extradited to the US, he will be tried in the District of New Jersey.

Disrupting LockBit

Panev is the seventh LockBit ransomware gang member charged since 2023, with international law enforcement focusing heavily on disrupting the operation.

In 2023, the U.S. Justice Department charged a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for his involvement in the Hive, LockBit, and Babuk ransomware operations.

In February 2024, law enforcement agencies from 10 countries disrupted the LockBit ransomware operation in a joint operation called “Operation Cronos.” During this operation, law enforcement hacked LockBit’s infrastructure to steal data, lists of affiliates, and over 7,000 decryption keys.

These decryption keys allowed companies worldwide to recover their data for free without paying a ransom.

That same month, the US charged two Russian nationals, Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord), for their involvement in LockBit attacks.

In May 2024, the US charged, sanctioned, and revealed that the operator of the LockBit ransomware was allegedly a Russian national named Dmitry Yuryevich Khoroshev, aka ‘LockBitSupp’ and ‘putinkrab’.

In July, Russian national Ruslan Magomedovich Astamirov and Canadian/Russian national Mikhail Vasiliev pleaded guilty to being affiliates of the LockBit ransomware operation and conducting numerous attacks.

The US Department of State’s Rewards for Justice program is currently offering a $10 million reward for information leading to Khoroshev’s arrest, as well as up to $10 million for the arrest of other members of the LockBit ransomware gang.
