US seeks extradition of alleged LockBit ransomware developer from Israel

The United States is attempting to extradite an Israeli citizen, Rostislav Panev, who is charged with working as a software developer for the LockBit ransomware group.

Panev is accused of assisting LockBit between 2019 and 2024, according to the extradition request reported by Ynet news. He was allegedly paid approximately $230,000 in bitcoin to develop tools for LockBit, including one that printed ransom notes from any printers connected to the compromised system.

A gag order relating to Panev’s extradition was lifted on Thursday, although he has been under arrest since August 18. Authorities in the U.S. requested the gag order to prevent other LockBit suspects also under investigation from fleeing to Russia. It is not clear whether this was successful.

LockBit extortion letters and digital wallets linked to Panev’s remuneration from the gang were allegedly discovered at his home in Haifa.

Panev’s lawyer, Sharon Nahari, told Ynet: “My client is a computer technician. His role was strictly limited to software development, and he was neither aware of nor involved in the primary offenses he has been accused of, including fraud, extortion, and money laundering.”

The arrest follows a law enforcement operation to disrupt LockBit earlier this year, when a week of revelations followed what Britain’s National Crime Agency described as an operation that provided “unprecedented” intelligence from the criminals’ infrastructure.

Its pseudonymous leader, LockBitSupp, was subsequently exposed as a Russian national, Dmitry Khoroshev. The U.S. indicted him and imposed financial sanctions, as did the United Kingdom and Australia. LockBitSupp claimed the wrong man had been identified.

Several of the ransomware scheme’s affiliates have also been identified and arrested. One, a Russian national called Aleksandr Ryzhenkov, was exposed and accused of also being one of the main members of the Evil Corp cybercrime group.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
