A dual national of Russia and Israel, Rostislav Panev, has been charged in the United States for allegedly developing the notorious LockBit ransomware-as-a-service (RaaS) operation, which began around 2019 and continued until February 2024. He was arrested in Israel in August and is currently awaiting extradition to the U.S.
According to U.S. Department of Justice officials, Panev purportedly earned around $230,000 through transactions to his cryptocurrency wallet from June 2022 to February 2024. U.S. Attorney Philip R. Sellinger stated that Panev "built and maintained the digital weapons" that empowered his LockBit partners to cause extensive financial damage globally.
LockBit became infamous for targeting over 2,500 entities across 120 countries, with about 1,800 attacks in the United States alone. Its diverse list of victims spanned individuals, small businesses, large corporations, hospitals, schools, nonprofit organizations, and government agencies, accumulatively generating at least $500 million in illicit funds.
Following his arrest, Panev’s computer was found to contain administrator credentials for an online repository on the dark web housing various versions of the LockBit builder—a tool affiliates used to develop custom ransomware iterations. Additionally, law enforcement uncovered access credentials for the LockBit control panel and a tool named StealBit, which facilitated data exfiltration from breached systems before ransomware deployment.
Furthermore, Panev reportedly communicated with Dmitry Yuryevich Khoroshev, the primary administrator of LockBit, discussing ongoing development efforts related to LockBit’s infrastructure and control mechanisms. Panev confessed to Israeli authorities after his arrest, attributing responsibilities such as disabling antivirus software, deploying malware on victim networks, and printing ransom notes on all connected printers to him.
His indictment marks the seventh among various LockBit members charged in the U.S., which include individuals like Mikhail Vasiliev and Ruslan Astamirov. Despite these arrests, LockBit operators have indicated intentions to evolve, with a new version, LockBit 4.0, anticipated for release in February 2025.
In a related development, Daniel Christian Hulea, a 30-year-old Romanian connected with the NetWalker ransomware operation, was sentenced to 20 years in prison, alongside forfeiting $21.5 million due to his involvement in ransomware activities that specifically targeted the healthcare sector during the COVID-19 pandemic.
Additionally, Mark Sokolovsky, a Ukrainian developer of the Raccoon Stealer malware, was sentenced to five years in federal prison for conspiracy to commit computer intrusion. Sokolovsky had marketed Raccoon as a malware-as-a-service tool for just $200 monthly, facilitating other actors in compromising victims’ systems primarily through phishing scams.
Finally, Vitalii Antonenko, a 32-year-old New York City resident, received a sentence of time served plus additional days for his involvement in a scheme that executed SQL injection attacks, leading to theft and trafficking of credit card information.
These actions represent the continuous efforts of law enforcement agencies to dismantle cybercriminal operations and enforce accountability for various cybercrimes globally.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.