The US Division of Justice has charged a Russian-Israeli dual-national for his suspected function in creating malware and managing the infrastructure for the infamous LockBit ransomware group.
In keeping with a legal grievance unsealed at the moment within the District of New Jersey, Rostislav Panev, 51, a twin Russian and Israeli nationwide, allegedly helped develop LockBit ransomware encryptors and a customized “StealBit” data-theft software generally utilized in assaults.
Panev was arrested in Israel in August, the place he awaits a pending extradition request by the US. Israeli information web site Ynet first reported concerning the arrest.
The legal grievance alleges that Israeli regulation enforcement discovered credentials on his laptop to an internet repository containing the supply code for the LockBit encryptors and the StealBit software.
“As alleged within the superseding grievance, on the time of Panev’s arrest in Israel in August, regulation enforcement found on Panev’s laptop administrator credentials for an internet repository that was hosted on the darkish net and saved supply code for a number of variations of the LockBit builder, which allowed LockBit’s associates to generate customized builds of the LockBit ransomware malware for explicit victims,” reads the grievance.
“On that repository, regulation enforcement additionally found supply code for LockBit’s StealBit software, which helped LockBit associates exfiltrate knowledge stolen via LockBit assaults. Regulation enforcement additionally found entry credentials for the LockBit management panel, an internet dashboard maintained by LockBit builders for LockBit’s associates and hosted by these builders on the darkish net.”
Supply: Felony Criticism
The repositories additionally contained the supply code for the Conti ransomware encryptors, which was leaked by a Ukranian researcher after Conti sided with Russia over the invasion of Ukraine.
This supply code is believed to have been used to assist create the “LockBit Inexperienced” encryptor, which was primarily based off of Conti’s encryptor.
The grievance additionally says that Panev used a hacking discussion board’s personal message characteristic to speak with LockBit’s main operator, LockBitSupp, now recognized as Dmitry Yuryevich Khoroshev. These messages had been to debate work that wanted to be coded on the LockBit builder and the operation’s management panel.
For his work with the LockBit ransomware gang, Panev allegedly earned roughly $230,000 over 18 months.
“Courtroom paperwork additional point out that, between June 2022 and February 2024, the first LockBit administrator made a sequence of transfers of cryptocurrency, laundered via a number of illicit cryptocurrency mixing providers, of roughly $10,000 per 30 days to a cryptocurrency pockets owned by Panev,” alleged the DOJ announcement.
“These transfers amounted to over $230,000 throughout that interval.”
In interviews with Israeli police following his arrest, Panev allegedly admitted to doing programming work for the LockBit ransomware and receiving compensation for his time.
If Panev is extradited to the US, he can be tried within the District of New Jersey.
Disrupting LockBit
Panev is the seventh LockBit ransomware gang member charged since 2023, with worldwide regulation enforcement focusing closely on disrupting the operation.
In 2023, the U.S. Justice Division charged a Russian citizen named Mikhail Pavlovich Matveev (also called Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for his involvement within the Hive, LockBit, and Babuk ransomware operations.
In February 2024, regulation enforcement companies from 10 international locations disrupted the LockBit ransomware operation in a joint operation referred to as “Operation Cronos.” Throughout this operation, regulation enforcement hacked LockBit’s infrastructure to steal knowledge, lists of associates, and over 7,000 decryption keys.
These decryption keys allowed firms worldwide to recuperate their knowledge totally free with out paying a ransom.
That very same month, the US charged two Russian nationals, Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord), for his or her involvement in LockBit assaults.
In Might 2024, the US charged, sanctioned, and revealed that the operator of the LockBit ransomware was allegedly a Russian nationwide named Dmitry Yuryevich Khoroshev, aka ‘LockBitSupp’ and ‘putinkrab’.
In July, Russian nationwide Ruslan Magomedovich Astamirov and Canadian/Russian nationwide Mikhail Vasiliev pleaded responsible to being associates for the LockBit ransomware operation and conducting quite a few assaults.
The US Division of State’s Rewards for Justice program is at present providing a $10 million reward for info resulting in Khoroshev’s arrest, in addition to as much as $10 million for the arrest of different members of the LockBit ransomware gang.