A dual Russian and Israeli national has been charged in the U.S. with founding and developing the notorious LockBit ransomware-as-a-service (RaaS) operation. The allegations include providing technical support and collaborating closely with the group's affiliates and administrators.
Rostislav Panev, 51, was arrested in Israel in August and is currently facing extradition to the U.S., according to a statement from the Department of Justice (DoJ). Panev allegedly earned approximately $230,000 between June 2022 and February 2024 through cryptocurrency transfers linked to the LockBit operation.
Court documents state that Panev's computer, seized at the time of his arrest, contained significant evidence tying him to LockBit's operations.
Forensic analysis uncovered administrator credentials for a dark-web-hosted repository holding the source code of multiple LockBit ransomware versions, including the builders that let affiliates customize the ransomware payload for deployment in targeted attacks.
Panev's computer also reportedly held access credentials for the LockBit control panel and for a tool known as StealBit. StealBit allowed affiliates to covertly exfiltrate sensitive data from compromised systems before encryption was launched, supporting the group's double-extortion model.
LockBit was created by the Russian developer Dmitry Yuryevich Khoroshev, and court records describe direct communications between Panev and Khoroshev about required updates and improvements to the builder and the control panel.
Panev is the seventh LockBit member to be charged in the U.S., after Khoroshev, Mikhail Vasiliev, Ruslan Astamirov, Artur Sungatov, Ivan Gennadievich Kondratiev, and Mikhail Pavlovich Matveev.
The U.S. State Department is offering a reward of up to $10 million for information leading to the arrest of Khoroshev, who has used online aliases including LockBitSupp, Putinkrab, and Nerowolfe.
The LockBit group is nonetheless planning an ambitious return with LockBit 4.0, which it says will launch on February 3. Its credibility has been damaged by arrests, law-enforcement takedowns, and earlier decryptor leaks, and the RaaS market is now dominated by competitors such as RansomHub.