LockBit Dev Caught: Russian-Israeli Hacker Faces U.S. Charges
Here we go again—another big name in the ransomware world taken down. This time it’s Rostislav Panev, a dual Russian-Israeli national and allegedly one of the brains behind LockBit.
What’s the Deal with Panev?
Panev wasn’t just some affiliate running play-by-play attacks. Nope. He was a developer—the guy behind the curtain writing the code that made LockBit the ransomware-as-a-service (RaaS) juggernaut it is today. According to the DOJ, Panev worked with LockBit from its early days, helping the group evolve into one of the most prolific ransomware variants in history.
LockBit by the Numbers
Let’s talk about the scale of the destruction:
Over 2,500 attacks across at least 120 countries.
Victims range from hospitals to government agencies to Fortune 500 companies.
At least $500 million in extorted payments.
LockBit has been the ransomware of choice for hackers who want a quick, dirty, and devastatingly effective tool.
The Arrest
Panev was arrested in Israel back in August 2024 (yes, Israel cooperating on cybercriminal extraditions is a big deal) and now awaits extradition to the U.S. This follows a broader crackdown on LockBit, including:
The arrest of two Russian nationals, Ruslan Astamirov and Mikhail Vasiliev, who pleaded guilty earlier this year.
Law enforcement agencies seizing multiple LockBit-related domains to disrupt their operations.
The Big Bounty: Millions in Rewards
Here’s where it gets even more interesting: the U.S. Department of State isn’t just going after the developers and affiliates—it’s offering big bucks to anyone who can help take LockBit down for good. Through the Transnational Organized Crime (TOC) Rewards Program, they’re putting serious cash on the table:
Up to $10 million for information leading to the arrest or conviction of Khoroshev.
Up to $10 million for information leading to the arrest or conviction of Matveev.
Up to $10 million for identifying and locating anyone in a leadership position within LockBit.
Up to $5 million for information on individuals participating in or attempting to join LockBit.
Yes, you read that right. If you have intel, that could mean life-changing money. Tips are being accepted through the FBI’s website at tips.fbi.gov.
Sanctions and Beyond
Khoroshev, Matveev, and two other LockBit operators—Sungatov and Kondratyev—aren’t just wanted men. They’ve also been slapped with sanctions by the U.S. Treasury’s Office of Foreign Assets Control (OFAC). This means their assets are frozen, and they’re effectively cut off from international financial systems. It’s a full-court press to cripple LockBit at every level.
Why Panev Matters
LockBit is not just another ransomware variant—it’s arguably the blueprint for modern RaaS. Panev’s alleged role as a developer means he wasn’t just following orders—he was writing the code that made LockBit’s tools smarter, faster, and more damaging. Think encryption techniques, payload delivery, and anti-detection mechanisms.
Taking down someone at Panev’s level isn’t just a win—it’s a signal that no one, not even the ones behind the scenes, is untouchable.
The Bigger Picture
This isn’t happening in a vacuum. The global crackdown on ransomware groups like LockBit is picking up speed:
Cross-border cooperation: Israel arresting and potentially extraditing Panev to the U.S. shows the international cybercrime fight is getting serious.
Sanctions and disruption: Governments are going after these groups with seizures, sanctions, and take-downs of infrastructure.
Bounties and collaboration: Offering rewards for actionable intel shows how far the U.S. is willing to go to dismantle these operations.
What Happens Next?
Panev faces some serious heat in the U.S. If convicted, he’s looking at hefty prison time. Meanwhile, the fight against ransomware rages on. LockBit might be wounded, but it’s far from dead.
The Takeaway
LockBit has been a cyber boogeyman for years, and taking down someone like Panev isn’t just about accountability—it’s about disrupting the very structure of RaaS operations. But let’s be real: as long as ransomware remains profitable, there will always be someone ready to step into the void.
👉 Stay tuned. The ransomware war isn’t over—it’s just getting started.
For more information about this DOJ press release: https://www.justice.gov/opa/pr/united-states-charges-dual-russian-and-israeli-national-developer-lockbit-ransomware-group
Thanks for reading CodeAIntel! Subscribe for free to receive new posts and support my work.