The US government has charged a dual Russian and Israeli national with allegedly building and maintaining LockBit’s malware code, while receiving over $230,000 in cryptocurrency for his work. The 51-year-old Rostislav Panev was arrested in Israel pending extradition to the US, making him the third member of the LockBit ransomware group in custody.
Authorities previously arrested other alleged members of the LockBit group, including Mikhail Vasiliev and Ruslan Magomedovich Astamirov, both of whom have pleaded guilty to various charges, including conspiracy to commit computer fraud.
Authorities are still searching for LockBit’s alleged ringleader, Dmitry Khoroshev, with a reward worth up to $10 million. The DOJ claimed in May that “Khoroshev alone allegedly received at least $100 million in disbursements of digital currency through his developer shares of LockBit ransom payments,” based on a 20 percent share of ransom payments extorted by affiliates who used the group’s software.
As outlined in the complaint, Panev is accused of working as a developer for LockBit since the group first formed in 2019, helping to wage ransomware attacks on hundreds of entities around the globe, including hospitals, businesses, government agencies, and more.
Law enforcement linked Panev to LockBit after finding login credentials on his computer for a dark web repository housing “multiple versions of the LockBit builder,” which is the tool that allowed members “to generate custom builds of the LockBit ransomware malware for particular victims.”
Panev allegedly admitted to writing and maintaining LockBit’s malware code in interviews with the Israeli police. Some of the code he’s said to have created can disable Windows Defender antivirus software, run malware on multiple computers on a network, and print LockBit’s ransom note on all the printers in a victim’s network. Panev claimed he didn’t realize he was involved in illegal activity at first, according to the complaint.