The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the infamous LockBit ransomware group.
According to a criminal complaint unsealed today in the District of New Jersey, Rostislav Panev, 51, a dual Russian and Israeli national, allegedly helped develop LockBit ransomware encryptors and a custom “StealBit” data-theft tool commonly used in attacks.
Panev was arrested in Israel in August, where he awaits a pending extradition request by the US. Israeli news site Ynet first reported on the arrest.
The criminal complaint alleges that Israeli law enforcement found credentials on his laptop to an online repository containing the source code for the LockBit encryptors and the StealBit tool.
“As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement found on Panev’s laptop administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for specific victims,” reads the complaint.
“On that repository, law enforcement also found source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks. Law enforcement also found access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.”
The repositories also contained the source code for the Conti ransomware encryptors, which was leaked by a Ukrainian researcher after Conti sided with Russia over the invasion of Ukraine.
This source code is believed to have been used to help create the “LockBit Green” encryptor, which was based on Conti’s encryptor.
The complaint also says that Panev used a hacking forum’s private message feature to communicate with LockBit’s primary operator, LockBitSupp, now identified as Dmitry Yuryevich Khoroshev. These messages were to discuss work that needed to be coded on the LockBit builder and the operation’s control panel.
For his work with the LockBit ransomware gang, Panev allegedly earned roughly $230,000 over 18 months.
“Court documents further indicate that, between June 2022 and February 2024, the primary LockBit administrator made a series of transfers of cryptocurrency, laundered through a number of illicit cryptocurrency mixing services, of roughly $10,000 per month to a cryptocurrency wallet owned by Panev,” alleged the DOJ announcement.
“These transfers amounted to over $230,000 during that period.”
In interviews with Israeli police following his arrest, Panev allegedly admitted to doing programming work for the LockBit ransomware and receiving compensation for his time.
If Panev is extradited to the US, he will be tried in the District of New Jersey.
Disrupting LockBit
Panev is the seventh LockBit ransomware gang member charged since 2023, with international law enforcement focusing heavily on disrupting the operation.
In 2023, the U.S. Justice Department charged a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for his involvement in the Hive, LockBit, and Babuk ransomware operations.
In February 2024, law enforcement agencies from 10 countries disrupted the LockBit ransomware operation in a joint operation called “Operation Cronos.” During this operation, law enforcement hacked LockBit’s infrastructure to steal data, lists of affiliates, and over 7,000 decryption keys.
These decryption keys allowed companies worldwide to recover their data for free without paying a ransom.
That same month, the US charged two Russian nationals, Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord), for their involvement in LockBit attacks.
In May 2024, the US charged, sanctioned, and revealed that the operator of the LockBit ransomware was allegedly a Russian national named Dmitry Yuryevich Khoroshev, aka ‘LockBitSupp’ and ‘putinkrab’.
In July, Russian national Ruslan Magomedovich Astamirov and Canadian/Russian national Mikhail Vasiliev pleaded guilty to being affiliates for the LockBit ransomware operation and conducting numerous attacks.
The US Department of State’s Rewards for Justice program is currently offering a $10 million reward for information leading to Khoroshev’s arrest, as well as up to $10 million for the arrest of other members of the LockBit ransomware gang.