{"id":28915,"date":"2024-12-24T12:46:40","date_gmt":"2024-12-24T12:46:40","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=28915"},"modified":"2024-12-24T14:59:28","modified_gmt":"2024-12-24T14:59:28","slug":"lockbit-developer-arrested-in-israel","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/lockbit-developer-arrested-in-israel\/","title":{"rendered":"LockBit Ransomware Developer Arrested and Extradicted in Israel"},"content":{"rendered":"

US authorities have detained a developer associated with the LockBit group<\/strong>, one of the most active ransomware creators. Investigators allege he has been working as a programmer for the notorious hacker group since January 2022. Israeli law enforcement took him into custody, and the U.S. is now seeking his extradition.<\/p>\n

LockBit Developer Rostislav Panev Charged<\/h2>\n

In February 2024<\/a>, UK and US law enforcement seized the infrastructure<\/a>, including its servers and websites. Thousands of decryption keys and victim-related information were obtained by the authorities. Affected companies are now being encouraged to seek assistance in recovering their stolen information.<\/p>\n

Rostislav Panev, 51-y.o. dual Russian-Israeli citizen, has been charged in the U.S. for his alleged role as a developer of LockBit, specifically the cryptor and data extraction tools, and also maintained the gang’s infrastructure. His brainchild is what enabled cybercriminals to deploy ransomware<\/a> without advanced technical skills by offering pre-built tools and infrastructure.<\/p>\n

\"Rostislav
Rostislav Panev social media<\/figcaption><\/figure>\n

Panev, who was active in the operation from 2019 to February 2024, was arrested in Israel in August 2024 and is currently awaiting extradition to the U.S. This is a rather unusual situation as Israel typically refuses to proceed with extradition of their citizens. Yet it seems this time the guy is way too bad for Bagatz to cover him.<\/p>\n

What is LockBit Ransomware?<\/h2>\n

LockBit is a ransomware-as-a-service (RaaS) platform that allows cybercriminals to deploy ransomware without requiring advanced technical skills. It provides pre-built tools and infrastructure, enabling attackers to encrypt data and demand ransoms. It has several versions and we have a separate post dedicated to LockBit ransomware<\/a>.<\/p>\n

\"LockBit
Darknet site of the ransomware gang<\/figcaption><\/figure>\n

Although the suspect’s lawyer, Sharon Nahari, is prepared to vigorously defend his client and claims he was merely a developer communicating with the group via Telegram, an analysis of cryptocurrency proceeds suggests otherwise. Panev is alleged to have earned $230,000<\/strong> between June 2022 and February 2024 through cryptocurrency payments tied to his work with LockBit.<\/p>\n

Evidence recovered from his computer indicates that he had access to source code and tools, including StealBit. StealBit is a data exfiltration tool used to steal sensitive information before encrypting victims’ systems. His involvement went beyond coding; he also provided technical guidance and worked closely with Dmitry Khoroshev, known as LockBitSupp<\/a>.<\/p>\n

\"Khoroshev
Lockbit Ransomware Administrator Dmitry Yuryevich Khoroshev<\/figcaption><\/figure>\n

How about victims, the LockBit attacked over 2,500 entities across 120 countries<\/strong>, targeting victims ranging from small businesses to critical infrastructure. The group reportedly generated $500 million in illicit profits. Despite a major law enforcement operation, ‘Cronos,’ which dismantled its infrastructure in February 2024, the group has announced plans for a resurgence with LockBit 4.0, expected in February 2025.<\/p>\n

LockBit 4.0 Released<\/h2>\n

Despite losing their key developer, the ransomware group managed to release a new version of their ransomware<\/strong>. They\u2019ve announced the release on their Darknet leak pages, and also launched a whole new affiliate hiring campaign. It is not new for the gang to perform such actions in a pompous manner, yet it looks strange considering all the previous events.<\/p>\n

We have a dedicated article regarding LockBit 4.0 ransomware release<\/a>, with the detailed description of what the analysts have found in the new variant of odious malware.<\/div>\n","protected":false},"excerpt":{"rendered":"

US authorities have detained a developer associated with the LockBit group, one of the most active ransomware creators. Investigators allege he has been working as a programmer for the notorious hacker group since January 2022. Israeli law enforcement took him into custody, and the U.S. is now seeking his extradition. LockBit Developer Rostislav Panev Charged […]<\/p>\n","protected":false},"author":7,"featured_media":28927,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15],"tags":[619,649,55],"class_list":{"0":"post-28915","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"tag-cybersecurity","9":"tag-lockbit","10":"tag-ransomware"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/12\/LockBit-Ransomware-Developer-Arrested-and-Extradicted-in-Israel.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/28915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=28915"}],"version-history":[{"count":10,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/28915\/revisions"}],"predecessor-version":[{"id":28956,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/28915\/revisions\/28956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/28927"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=28915"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=28915"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=28915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}