US charges Russian-Israeli dual citizen with links to Lockbit ransomware group
The United States has charged a Russian-Israeli dual citizen over alleged involvement with the Lockbit ransomware group, the Justice Department said Friday.
Rostislav Panev, 51, was arrested in Israel in August and is awaiting extradition to the United States, the department said.
Panev was a developer at Lockbit from its founding in 2019 until at least February 2024, during which time the group became “at times, the most active and destructive ransomware group in the world,” the department said.
Attorney General Merrick Garland said in a statement, “The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only destroying the networks, but finding the individuals responsible for creating and running them and bringing them to justice. Including bringing.”
According to the department, Lockbit and its malware were linked to attacks on more than 2,500 victims in at least 120 countries around the world, including small businesses and large multinationals, hospitals, schools, critical infrastructure, government and law enforcement agencies. Were involved.
Lockbit was discovered in 2020 when its eponymous malicious software was found on Russian-language cybercrime forums.
It operated a ransomware-as-a-service operation, in which a core group of developers and administrators worked with affiliates to execute the attacks. The proceeds of the extortion were divided between the parties involved.
According to the Justice Department, Lockbit and its affiliates extorted at least $500 million in payments from victims, as well as caused significant costs from lost revenue and incident response and recovery.
The arrests followed the guilty pleas of two Russian members of the Lockbit gang – Ruslan Astamirov and Mikhail Vasiliev – in July and the seizure of several Lockbit websites by Britain’s National Crime Agency, the FBI and other international law enforcement agencies in February.
Lockbit reappeared online shortly after the seizure and bluntly said: “I cannot be stopped.” But law enforcement officials and experts say the bust helped damage the gang’s standing in the cybercriminal underworld.
Jeremy Kennelly, a cybersecurity analyst at Google owner Alphabet, said the government action has proven incredibly effective in dismantling and discrediting Lockbit as a brand and sharply reducing the volume of the group’s attacks.
Associates and others working with the group may shift to collaborating with other gangs, Kenneally said, but the action “is important to ensure that ransomware and extortion are viewed as crimes. Which has consequences.”