US authorities have brought charges against Russian and Israeli citizen Rostislav Panev, who is linked to the development of the LockBit malware and the management of the infrastructure of the extortion group of the same name.
According to court documents , 51-year-old Rostislav Panev participated in the development of encryption programs for LockBit, as well as a special data-stealing tool called StealBit, which was often used by attackers during attacks.
Panev was arrested in August of this year in Israel, where he is now awaiting consideration of an extradition request from the US. It is reported that Israeli law enforcement officers found credentials for a repository containing the source code of the LockBit encryption programs and the aforementioned StealBit tool on his computer.
In addition, it is noted that the repository contained the source code of the Conti ransomware, which was leaked back in 2022 , after a split in the hacker team. It is believed that this source code was used to create the LockBit Green ransomware.
Also, according to law enforcement, Panev contacted LockBitSupp (the administrator and one of the key figures in LockBit) through private messages on a hacker forum. Recall that investigators previously reported that Russian citizen Dmitry Yuryevich Khoroshev is hiding under this nickname. These messages discussed work: what exactly needs to be written for the LockBit builder and the group's control panel.
It is assumed that Panev received about $ 230,000 in cryptocurrency for his work at LockBit over 18 months (from June 2022 to February 2024). In conversations with Israeli police after his arrest, Panev allegedly admitted that he was programming for LockBit and was paid for this work.
It is worth noting that since 2023, Panev has become the seventh LockBit member to be charged. We also recall that in February of this year, law enforcement agencies in 10 countries around the world carried out Operation Cronos , in which they hacked the group's infrastructure and were able to obtain a lot of data about the hackers, their partners, and the malware itself.
According to court documents , 51-year-old Rostislav Panev participated in the development of encryption programs for LockBit, as well as a special data-stealing tool called StealBit, which was often used by attackers during attacks.
Panev was arrested in August of this year in Israel, where he is now awaiting consideration of an extradition request from the US. It is reported that Israeli law enforcement officers found credentials for a repository containing the source code of the LockBit encryption programs and the aforementioned StealBit tool on his computer.
| “In August, Israeli law enforcement discovered administrative credentials on Panev’s computer for an online repository hosted on the dark web that contained source code for multiple versions of the LockBit builder, which allowed LockBit partners to create custom builds of malware for specific victims,” the documents read. “The repository also contained source code for LockBit’s StealBit tool, which helped LockBit partners extract credentials stolen in attacks. Law enforcement also discovered credentials for accessing the LockBit Control Panel, an online dashboard that LockBit developers maintained for their partners on the dark web.” |
| Repository discovered |
Also, according to law enforcement, Panev contacted LockBitSupp (the administrator and one of the key figures in LockBit) through private messages on a hacker forum. Recall that investigators previously reported that Russian citizen Dmitry Yuryevich Khoroshev is hiding under this nickname. These messages discussed work: what exactly needs to be written for the LockBit builder and the group's control panel.
It is assumed that Panev received about $ 230,000 in cryptocurrency for his work at LockBit over 18 months (from June 2022 to February 2024). In conversations with Israeli police after his arrest, Panev allegedly admitted that he was programming for LockBit and was paid for this work.
It is worth noting that since 2023, Panev has become the seventh LockBit member to be charged. We also recall that in February of this year, law enforcement agencies in 10 countries around the world carried out Operation Cronos , in which they hacked the group's infrastructure and were able to obtain a lot of data about the hackers, their partners, and the malware itself.