The U.S. Department of Justice (DOJ) has indicted a 51-year-old dual Russian-Israeli citizen, Rostislav Panev, for his alleged involvement with LockBit, the notorious ransomware group. The DOJ is currently seeking his extradition from Israel, where he was arrested.

Banev was arrested in August after two Russian members of the group, Ruslan Astamirov and Mikhail Vasiliev, pleaded guilty in July. The LockBit gang, according to the U.S. Department of Justice, has more than 2,500 victims in 120 countries around the world. These include small businesses, large multinational corporations, hospitals, schools, critical infrastructure, government agencies, and law enforcement agencies.

LockBit’s high-profile victims include Boeing, the Industrial and Commercial Bank of China, and the UK’s Royal Mail. The group has been linked to a series of ransomware attacks, where victims’ data was locked or their systems rendered inoperable in order to extort a fee.

LockBit developer arrested

Rostislav Panev worked as a developer and programmer for LockBit for about five years from its inception in 2019 to February 2024. The now-detained developer received approximately $230,000 in cryptocurrency transfers as payment for his work, according to charges filed by the Justice Department. LockBit and its affiliates extorted at least $500 million from victims and also caused significant revenue loss.

According to Banev’s attorney, defense attorney Sharon Nahari, he developed tools for the group without any knowledge of the software’s intended use. The alternate complaint received by the Justice Department alleges that Banev exchanged direct messages through an internet crime forum with LockBit’s chief executive.

His lawyer, Sharon Nahari, maintains that Banev was communicating with the group only through Telegram messages and had no idea who Dent was.

“The arrest of Mr. Banev reflects the department’s commitment to using all of its tools to combat the ransomware threat,” said Deputy Attorney General Lisa Monaco.

Attorney General Merrick P. Garland also stated that three individuals allegedly responsible for cyber attacks against thousands of victims are in custody and that the Department of Justice will continue to hold accountable all those who enable ransomware attacks.

Law enforcement campaign

LockBit group in 2019. The group was discovered in 2020 when its malware was discovered on a Russian cybercrime forum.

In February, law enforcement authorities in the UK and US seized websites and servers used by LockBit members and their associates. Police also obtained victim data and thousands of decryption keys, urging victims to contact the group for help in recovering their stolen data.

LockBit quickly reappeared after the seizure, saying menacingly, “I am unstoppable.”

Despite their bold stance, law enforcement efforts have significantly weakened the group's capacity.