US seeks extradition of alleged LockBit ransomware developer from Israel

Avatar

The United States is attempting to extradite an Israeli citizen, Rostislav Panev, who is charged with working as a software developer for the LockBit ransomware group.

Panev is accused of assisting LockBit between 2019 and 2024, according to the extradition request reported by Ynet news. He was allegedly paid approximately $230,000 in bitcoin to develop tools for LockBit, including one that printed ransom notes from any printers connected to the compromised system.

A gag order relating to Panev’s extradition was lifted on Thursday, although he has been under arrest since August 18. Authorities in the U.S. requested the gag order to prevent other LockBit suspects also under investigation from fleeing to Russia. It is not clear whether this was successful.

LockBit extortion letters and digital wallets linked to Panev’s remuneration from the gang were allegedly discovered at his home in Haifa.

Panev’s lawyer, Sharon Nahari, told Ynet: “My client is a computer technician. His role was strictly limited to software development, and he was neither aware of nor involved in the primary offenses he has been accused of, including fraud, extortion, and money laundering.”

The arrest follows a law enforcement operation to disrupt LockBit earlier this year, when a week of revelations followed what Britain’s National Crime Agency described as an operation that provided “unprecedented” intelligence from the criminals’ infrastructure.

Its pseudonymous leader, LockBitSupp, was subsequently exposed as a Russian national, Dmitry Khoroshev. The U.S. indicted him and imposed financial sanctions, as did the United Kingdom and Australia. LockBitSupp claimed the wrong man had been identified.

Several of the ransomware scheme’s affiliates have also been identified and arrested. One, a Russian national called Aleksandr Ryzhenkov, was exposed and accused of also being one of the main members of the Evil Corp cybercrime group.

CybercrimeNewsNews BriefsMalwarePeople
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Routers with default passwords are attracting Mirai infections, Juniper says

Next Post

Chainalysis: $2.2 billion stolen from crypto platforms in 2024 cyberattacks

Related Posts

TikTok Pixel Privacy Nightmare: A New Case Study

Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured
Avatar
Read More

The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid
Avatar
Read More