Thursday, May 8, 2025

U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown


The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer of the notorious LockBit ransomware group.

Panev, 51, was arrested in Israel in August following a U.S. provisional arrest request, and he is currently awaiting extradition to the United States.

This action marks a crucial step in the global effort to dismantle ransomware operations and hold accountable those responsible for these sophisticated cyberattacks.


The superseding complaint filed in the District of New Jersey alleges that Panev developed malware and maintained the infrastructure for LockBit, which was once considered the world’s most destructive ransomware group.

Over the years, LockBit has launched devastating attacks on thousands of victims worldwide, including hospitals, schools, critical infrastructure, and multinational corporations, resulting in billions of dollars in damages.

[Image: the LockBit data leak site, as obtained by U.S. authorities]

The LockBit Group’s Operations

The LockBit group operates by dividing its members into “developers” and “affiliates.” Developers like Panev are responsible for designing the malware code and maintaining the operational infrastructure.

Meanwhile, affiliates carry out the actual ransomware attacks and negotiate ransom payments from the victims. The group splits these payments among its members.

[Image: screenshot obtained from U.S. authorities depicting a ransom negotiation conducted within the LockBit control panel]

According to court documents, Panev played a pivotal role in the LockBit operations. He admitted to developing code that could disable antivirus software and deploy malware across multiple computers within a victim’s network.

He also confirmed receiving regular cryptocurrency payments for his work, consistent with transactions identified by U.S. authorities.

International Collaboration in the LockBit Investigation

The case against Panev highlights the critical role of international cooperation in combating cybercrime. Law enforcement agencies from multiple countries, including Europol, the United Kingdom, France, and Israel, have collaborated to dismantle the LockBit network.

In February, a coordinated effort led by the U.K.’s National Crime Agency disrupted LockBit’s operations by seizing key infrastructure used by the group.

Other LockBit Members Charged

In addition to Panev, the U.S. has charged six other individuals for their involvement with LockBit. These include alleged primary administrator Dmitry Yuryevich Khoroshev, as well as affiliates Mikhail Vasiliev and Ruslan Astamirov, both of whom have pleaded guilty and are awaiting sentencing.

The U.S. Department of State is offering up to $10 million in rewards for information leading to the arrest and conviction of certain key LockBit members.

Victim Assistance and Decryption Efforts

In response to the LockBit attacks, law enforcement has developed decryption capabilities that may help hundreds of victims recover their encrypted systems.

Victims are encouraged to contact the FBI’s Internet Crime Complaint Center (IC3) to determine if their systems can be decrypted.

The charges against Panev and the broader LockBit group represent a significant milestone in the fight against ransomware. As global authorities continue to collaborate and share intelligence, the barriers to cybercrime become increasingly formidable.

Furthermore, these efforts underscore the importance of international partnerships in combating complex cyber threats and ensuring that cybercriminals are held accountable for their crimes.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
