{ "id": "950210a2-8169-40cf-8174-9560b1e96841", "created_at": "2026-04-06T00:17:01.721914Z", "updated_at": "2026-04-10T03:24:39.599766Z", "deleted_at": null, "sha1_hash": "bdbc5461a96f92a85fec9c762038f033d09a50f9", "title": "Suspected LockBit ransomware dev extradited to United States", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3161924, "plain_text": "Suspected LockBit ransomware dev extradited to United States\r\nBy Bill Toulas\r\nPublished: 2025-03-14 · Archived: 2026-04-05 20:30:22 UTC\r\nA dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been\r\nextradited to the United States to face charges.\r\nRostislav Panev, 51, was arrested in Israel last August, where police reportedly found incriminating evidence on his laptop.\r\nThis included credentials for LockBit's internal control panel and a repository containing source code for LockBit encryptors\r\nand the gang's custom data theft tool, StealBit.\r\nIn December, the U.S. Department of Justice charged Panev, accusing him of developing LockBit's ransomware encryptors\r\nand StealBit.\r\nhttps://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOver 18 months, between June 2022 and February 2024, Panev allegedly earned $230,000 in cryptocurrency for his work\r\nwith the group.\r\nPanev has been involved with LockBit ransomware since its inception in 2019, helping operators and affiliates attack over\r\n2,500 entities across 120 countries and extracting ransom payments of over $500,000,000.\r\nApproximately 1,800 victims (72%) were U.S.-based entities, including hospitals, schools, corporations, and government\r\nagencies.\r\n\"Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least\r\nFebruary 2024,\" reads the U.S. DoJ announcement.\r\n\"During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and\r\ndestructive ransomware group in the world.\"\r\nPanev remained an active member of LockBit ransomware's core team until February 2024, when an international law\r\nenforcement operation led by the UK's National Crime Agency (NCA) and the FBI severely disrupted the cybercrime\r\norganization.\r\nDismantling LockBit\r\nPanev's arrest, indictment, and now extradition follow indictments against other LockBit members, including its leader\r\nDmitry Yuryevich Khoroshev (\"LockBitSupp\"), who is currently wanted with a $10M reward.\r\nOther prominent LockBit members who have been charged in the U.S. include Mikhail Vasiliev (awaiting sentencing),\r\nRuslan Astamirov (awaiting sentencing), Artur Sungatov (wanted), Ivan Kondratyev (wanted), and Mikhail Matveev\r\n(wanted).\r\nAll of these people are suspected of being LockBit affiliates or operators. At the same time, Matveev has also had a role in\r\nmultiple other ransomware variants apart from LockBit and has a $10M bounty reward for tips leading to his arrest.\r\nThe U.S. Department of State's Transnational Organized Crime (TOC) Rewards Program offers $10 million for information\r\nleading to the identification and location of other core team members of LockBit, while $5 million is given for tips on\r\naffiliates.\r\nhttps://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/\r\nhttps://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/" ], "report_names": [ "suspected-lockbit-ransomware-dev-extradited-to-united-states" ], "threat_actors": [ { "id": "77b28afd-8187-4917-a453-1d5a279cb5e4", "created_at": "2022-10-25T15:50:23.768278Z", "updated_at": "2026-04-10T02:00:05.266635Z", "deleted_at": null, "main_name": "Inception", "aliases": [ "Inception Framework", "Cloud Atlas" ], "source_name": "MITRE:Inception", "tools": [ "PowerShower", "VBShower", "LaZagne" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434621, "ts_updated_at": 1775791479, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/bdbc5461a96f92a85fec9c762038f033d09a50f9.pdf", "text": "https://archive.orkl.eu/bdbc5461a96f92a85fec9c762038f033d09a50f9.txt", "img": "https://archive.orkl.eu/bdbc5461a96f92a85fec9c762038f033d09a50f9.jpg" } }