Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Uncategorized

US charged Dual Russian and Israeli National as LockBit Ransomware developer

US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S. Panev was arrested in Israel in August and is awaiting extradition to the U.S. […]

Lockbit ransomware group

US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group.

Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S.

Panev was arrested in Israel in August and is awaiting extradition to the U.S. on criminal charges.

The man is accused of being a LockBit ransomware developer from 2019 through at least February 2024. The leading ransomware group attacked over 2,500 victims worldwide, including 1,800 in the United States, extracted $500M in ransoms, and caused billions in damages.

The list of victims included individuals, small businesses, and multinational corporations. The ransomware gang and its affiliates targeted hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.

Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds.

“As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks.” reads the press release published by DoJ. “Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.

The complaint alleges Panev communicated with LockBit’s leader, Dmitry Khoroshev, about developing ransomware tools. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024.

After his August arrest, Panev admitted to having had a role in coding, developing, and consulting for the LockBit group. He developed the code to disable antivirus software, deploy malware, and print ransom notes to all printers connected to a victim network.

A $10 million reward was offered for information on Khoroshev through the U.S. State Department’s TOC Rewards Program via the FBI tip website.

Khoroshev and other three members of the gang (Matveev, Sungatov, and Kondratyev) were sanctioned by the U.S. Treasury’s OFAC for their involvement in cyberattacks.

Seven LockBit members have been charged in New Jersey. Panev and Khoroshev face charges; Vasiliev and Astamirov pleaded guilty and await sentencing. Sungatov, Kondratyev, and Matveev, also indicted, remain at large. Matveev has a $10M U.S. reward for information leading to his arrest.

“As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)