Justice finally caught up with Rostislav Panev, the 51-year-old dual Russian-Israeli national who helped build one of the world’s most destructive ransomware operations. Arrested in Israel last August and extradited to the U.S. on March 14, 2025, Panev now sits in a New Jersey detention center awaiting trial. No comfy hotel rooms for this alleged cyber-criminal.
The feds aren’t playing around. They’ve slapped Panev with a 41-count criminal complaint, accusing him of being a key LockBit developer from 2019 until February 2024. Computer extortion, conspiracy – the whole cybercrime buffet. His alleged handiwork? Just a global ransomware operation that attacked over 2,500 victims across 120 countries. No big deal.
Except it is. LockBit targeted everything from hospitals to schools, extorting over $500 million in ransom payments and causing billions in damages. LockBit’s infamous attack on Toronto’s Hospital for Sick Children demonstrated their reach, though they later issued an unusual public apology after realizing the impact. They didn’t discriminate – if you had data and money, you were fair game.
The evidence against Panev looks pretty damning. Investigators found administrator credentials for a LockBit repository on his computer, along with source code for their nasty tools. They also uncovered direct messages between Panev and LockBit’s administrator. During voluntary interviews with Israeli authorities, he admitted to disabling Windows Defender and deploying malware through Active Directory.
Oh, and those $230,000+ in cryptocurrency payments to his wallet? Hard to explain those away.
Panev’s capture is part of Operation Cronos, the international effort that disrupted LockBit’s infrastructure earlier this year. The FBI snagged 7,000+ decryption keys during that operation. Score one for the good guys.
While Panev faces the music in New Jersey, LockBit’s alleged leader remains at large with a $10 million bounty on his head. The group operated on a business model that would make some startups jealous – developers created the malware, affiliates deployed it, and everyone split the profits. This case highlights why organizations must implement proper risk assessment frameworks to protect against such sophisticated ransomware operations.
For now, Panev’s detention deals a significant blow to LockBit‘s development capabilities. His case sends a clear message to other ransomware operators: your keyboard won’t protect you forever.
