A Lockbit ransomware developer has been extradited to the U.S., admitting to coding and consulting for the cybercriminal group, which paid him in cryptocurrency.
Lockbit Ransomware Developer Extradited to US in Global Crackdown
The U.S. Department of Justice (DOJ) announced on March 14 that Rostislav Panev, a dual Russian and Israeli citizen, has been extradited to the United States to face charges for his alleged role as a developer for the Lockbit ransomware group. Panev, 51, was arrested in Israel in August following a U.S. provisional arrest request and appeared before U.S. Magistrate Judge André M. Espinosa in Newark, where he was detained pending trial.
According to court documents, Panev worked as a developer for Lockbit from its inception in 2019 until February 2024. Prosecutors allege that he contributed to the development of malware used by affiliates to disable antivirus software, encrypt victim networks, and spread ransomware across multiple devices. Authorities discovered administrator credentials on Panev’s computer linked to Lockbit’s dark web repositories and control panel. The DOJ revealed:
The primary Lockbit administrator made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev. Those transfers amounted to over $230,000 during that period.
Following his arrest, Panev reportedly admitted his role in Lockbit’s operations, with the DOJ stating: “Panev admitted to having performed coding, development, and consulting work for the Lockbit group and to having received regular payments in cryptocurrency for that work, consistent with the transfers identified by U.S. authorities.”
Panev’s extradition is part of a broader international effort to dismantle Lockbit, which was significantly disrupted in February 2024 by a multinational law enforcement operation. Authorities seized Lockbit’s servers and public-facing websites, severely impacting its ability to conduct ransomware attacks.
Several affiliates, including Mikhail Vasiliev and Ruslan Astamirov, have pleaded guilty in New Jersey, while key figures like Lockbit’s primary administrator, Dmitry Yuryevich Khoroshev, remain at large. The U.S. Department of State is offering up to $10 million in rewards for information leading to the arrests of Lockbit leaders. Victims of the ransomware group are encouraged to report incidents to law enforcement, as decryption tools may be available to restore affected systems.
