U.S. Charges LockBit Ransomware Developer in Global Cybercrime Crackdown

Dual Russian-Israeli national accused of aiding one of the world’s most destructive ransomware groups.

In a major blow to international cybercrime, U.S. prosecutors have charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer in the notorious LockBit ransomware group. Panev, 51, was arrested in Israel in August 2024 and remains in custody pending extradition to the United States, according to U.S. Attorney Philip R. Sellinger of New Jersey.

The LockBit ransomware group, active since 2019, is responsible for over 2,500 attacks in 120 countries, including 1,800 within the United States. The group has extorted over $500 million in ransom payments from victims ranging from small businesses to multinational corporations, hospitals, schools, and even government agencies.

“The arrest of alleged developer Rostislav Panev is part of the FBI’s ongoing efforts to disrupt and dismantle the LockBit ransomware group, one of the most prolific ransomware variants across the globe,” said FBI Director Christopher Wray. “The LockBit group has targeted both public and private sector victims around the world, including schools, hospitals, and critical infrastructure, as well as small businesses and multi-national corporations. No matter how hidden or advanced the threat, the FBI remains committed to working with our interagency partners to safeguard the cyber ecosystem and hold accountable those who are responsible for these criminal activities.”

Panev’s Role in LockBit

According to court documents, Panev played a critical role in LockBit’s operations, designing malware code and managing the dark web infrastructure used by the group. His arrest revealed administrator credentials to LockBit’s repository, which contained source code for tools like the LockBit builder, used to customize ransomware for specific victims, and the StealBit tool, which enabled data theft during attacks.

Panev also had access credentials for LockBit’s control panel, a dashboard maintained on the dark web for affiliates to coordinate attacks and manage ransom payments. Panev admitted to Israeli authorities that he developed code to disable antivirus software, deploy ransomware across victim networks, and even print ransom notes to all connected printers.

“The arrest of Mr. Panev reflects the Department's commitment to using all its tools to combat the ransomware threat,” said Deputy Attorney General Lisa Monaco. “We started this year with a coordinated international disruption of LockBit — the most damaging ransomware group in the world. Fast forward to today and three LockBit actors are in custody thanks to the diligence of our investigators and our strong partnerships around the world. This case is a model for ransomware investigations in the years to come.”

A Global Cybercrime Enterprise

LockBit operated as a two-tiered system: developers like Panev created and maintained the ransomware infrastructure, while affiliates carried out attacks and extorted payments. The group split the ransom proceeds among members, with Panev receiving over $230,000 in cryptocurrency between June 2022 and February 2024.

Panev’s arrest follows an international crackdown on LockBit’s operations. Earlier this year, authorities from the U.K., U.S., and other nations dismantled key components of the group’s infrastructure, including servers and websites used to connect with affiliates and victims. These efforts significantly disrupted LockBit’s operations and reduced its capacity to launch new attacks.

“The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks, but also finding and bringing to justice the individuals responsible for building and running them,” said Attorney General Merrick B. Garland. “Three of the individuals who we allege are responsible for LockBit’s cyberattacks against thousands of victims are now in custody, and we will continue to work alongside our partners to hold accountable all those who lead and enable ransomware attacks.”

A Network of Arrests

Panev is the seventh LockBit member charged in New Jersey. Among the group’s alleged leaders is Dmitry Yuryevich Khoroshev, also known as “LockBitSupp,” who remains at large with a $10 million U.S. government bounty on his head.

Other arrests include:

• Mikhail Vasiliev and Ruslan Astamirov, affiliates who pleaded guilty in July 2024 to deploying LockBit attacks.
• Artur Sungatov and Ivan Kondratyev, who face charges for ransomware attacks against U.S. and global industries.
• Mikhail Matveev, who has also been charged with using multiple ransomware variants, including LockBit, against U.S. organizations.

“For five years, Panev helped to grow LockBit into a ransomware machine of deception and extortion,” said Acting Special Agent in Charge Nelson I. Delgado of the FBI Newark Field Office. “His reach was far and wide but FBI Newark and our international law enforcement partners were able to disrupt his reign. Panev’s arrest marks a victory against these conspirators, and is a step towards upholding justice and neutralizing these criminals.”

Ongoing Efforts to Combat Ransomware

The U.S. Department of Justice, in collaboration with international law enforcement, continues to pursue LockBit members and dismantle ransomware operations. Victims of LockBit ransomware are encouraged to report incidents at www.ic3.gov and may be eligible for system decryption assistance from law enforcement.

Up to $10 million in rewards are being offered for information leading to the arrest of key LockBit members, including Panev’s alleged co-conspirators. The Department of State also offers $5 million in rewards for identifying participants in LockBit’s criminal activities.

Global Coordination

Panev’s apprehension was made possible through a global effort involving authorities from Israel, the United Kingdom, France, Germany, and multiple other nations. Agencies including the FBI, Europol, and Eurojust contributed to the investigation.

U.S. Attorney Sellinger emphasized the significance of Panev’s arrest: “As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world. But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”

Businesses and individuals are urged to protect themselves against ransomware threats by following guidance available at StopRansomware.gov.

Panev faces charges in the District of New Jersey for his role in one of the most prolific ransomware operations in history. If extradited and convicted, he could face significant penalties under U.S. law. Until proven guilty, however, Panev remains presumed innocent.