
A 51-year-old dual Russian and Israeli national named Rostislav Panev, accused of being a developer for the LockBit ransomware group has been extradited to the United States after being arrested in Israel in August 2024.
“Rostislav Panev’s extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice,” said United States Attorney John Giordano.
Why it Matters
According to the complaints and filed documents, Panev was a developer for the LockBit ransomware group from 2019 until at least February 2024.
He built and maintained the malware’s code, earning about $230,000 between June 2022 and February 2024.
According to the U.S. Justice Department, Panev admitted to creating code that disabled antivirus software, spread malware across networks, and forced all connected printers to print ransom notes.
“Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network,” the Justice Department said.
During his time with LockBit, the group became one of the most active and destructive ransomware gangs in the world.
Also read: Ransom payment decreased by 35% in 2024
They attacked over 2,500 victims across 120 countries, including 1,800 in the U.S. Victims included small businesses, multinational companies, hospitals, schools, nonprofits, critical infrastructure, and government agencies.
LockBit members extorted at least $500 million in ransom payments and caused billions of dollars in additional losses from business disruptions, recovery efforts, and security costs.
In the last quarter of 2024, the group accounted for 70 incidents representing 12% of attacks primarily targeting the manufacturing sector.
Lockbit Destruction to Africa
Is no surprise that the Lockbit ransomware group is behind big cyber incidents that occurred in Africa.
For instance, in February 2024, the group took down the system of South Africa’s Government Employees Pension Fund (GEPF) — the largest pension fund in Africa.
The group was also behind an attack against the Agency for the Safety of Air Navigation in Africa and Madagascar (ASECNA), an air traffic control agency based in Senegal in 2023.
In March 2024, Kaspersky researchers identified a sophisticated attack by the LockBit group on an unnamed organization in West Africa.