US charges Russian-Israeli dual national tied to Lockbit ransomware group
WASHINGTON, USA – The United States has charged a Russian-Israeli dual citizen over alleged involvement with the Lockbit ransomware group, the US Department of Justice said on Friday, December 20.
Rostislav Panev, 51, was arrested in Israel in August and is awaiting extradition to the United States, the department said.
Panev was a developer at Lockbit from its inception some time in 2019 through to at least February 2024, during which time the group grew into “what was, at times, the most active and destructive ransomware group in the world,” the DOJ said.
“The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks, but also finding and bringing to justice the individuals responsible for building and running them,” Attorney General Merrick Garland said in a statement.
Lockbit and its malware were linked to attacks on more than 2,500 victims in at least 120 countries around the world, according to the DOJ, including small businesses and large multinationals, hospitals, schools, critical infrastructure, government and law enforcement agencies.
Lockbit was discovered in 2020 when its eponymous malicious software was found on Russian-language cybercrime forums.
It operated a ransomware-as-a-service operation, where a core group of developers and administrators worked with “affiliates” who carried out attacks. Extortion proceeds were split between the parties involved.
Lockbit and its affiliates extorted at least $500 million in payments from victims, according to the DOJ, as well as causing significant costs from lost revenue and incident response and recovery.
The arrest follows two guilty pleas in July from a pair of Russian members of the Lockbit gang — Ruslan Astamirov and Mikhail Vasiliev — and the seizure, in February, of numerous Lockbit websites by Britain’s National Crime Agency, the FBI, and other international law enforcement agencies.
Lockbit reappeared online not long after the seizure, defiantly saying: “I cannot be stopped.” But law enforcement officials and experts say the bust helped damage the gang’s standing in the cybercriminal underworld.
Government actions “have proven incredibly effective at dismantling and discrediting” Lockbit as a brand and bringing the group’s volume of attacks down precipitously, said Jeremy Kennelly, a cybersecurity analyst with Google owner Alphabet. Affiliates and others working with the group may have shifted to collaborating with other gangs, Kennelly said, but the crackdown has been “critical to ensuring that ransomware and extortion are seen as crimes for which there are consequences.” – Rappler.com