A dual citizen of Russia and Israel has been indicted in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation from its inception in 2019 until around February 2024.
Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the US Department of Justice (DoJ) said in a statement. Based on transfers to a cryptocurrency wallet owned by Panev, he allegedly earned about $230,000 between June 2022 and February 2024.
“For years, Rostislav Panev created and maintained a digital weapon that allowed his associates at LockBit to wreak havoc and cause billions of dollars in damage around the world,” US Attorney Philip R. Sellinger said.
The infrastructure of LockBit, one of the most effective ransomware groups, was seized in February 2024 as part of an international law enforcement operation called Cronos. It gained notoriety for targeting more than 2,500 organizations in at least 120 countries around the world, including 1,800 in the US alone.
The victims of LockBit’s attacks have included individuals and small businesses, multinational corporations, hospitals, schools, non-profit organizations, critical infrastructure, and government and law enforcement agencies. The RaaS operation is believed to have generated at least $500 million in illegal profits for the group.
Court documents show Panev’s computer, analyzed after his arrest, had administrator credentials for an online vault hosted on the dark web that contained the source code for multiple versions of the LockBit builder, which affiliates used to create their own ransomware builds.
Credentials to access the LockBit control panel and a tool named StealBit, which allowed affiliates to steal sensitive data from compromised hosts before the encryption process began, were also found.
Panev, in addition to writing and maintaining the code for the LockBit malware and offering technical advice to the cybercriminal group, is also accused of exchanging direct messages with Dmitry Yuryevich Khoroshev, the main admin, who also went by the internet alias LockBitSupp, discussing the work on the builder and control panel.
“In an interview with Israeli authorities after his arrest in August, Panev admitted that he performed coding, development and consulting work for the LockBit group and that he received regular payments in cryptocurrency for this work,” the Justice Department said.
“Among the work Panev admitted to doing for the LockBit group was developing code to disable anti-virus software; to deploy malware on multiple computers connected to the victim’s network; and to print a LockBit ransom note on all printers connected to the victim network.”
With the latest arrest, a total of seven LockBit members – Mikhail Vasiliev, Ruslan Astamirov, Artur Sungatov, Ivan Gennadyevich Kondratiev, Mikhail Pavlovich Matveev – have been charged in the US.
Despite these operational setbacks, the LockBit operators appear to be planning a return, with a new version, LockBit 4.0, scheduled for February 2025. However, it remains to be seen whether the extortion group will be able to successfully stage a comeback in light of the current wave of takedowns and charges.
The second affiliate of the NetWalker extortionists gets 20 years in prison
The development comes after Daniel Cristian Hulea, a 30-year-old Romanian affiliate of the NetWalker ransomware operation, was sentenced to 20 years in prison and forfeited $21,500,000, as well as his shares in an Indonesian company and a luxury resort, which was financed from proceeds obtained illegally from the attacks.
Hulea previously pleaded guilty in the US to charges of conspiracy to commit computer fraud and conspiracy to commit wire fraud in June 2024. He was arrested in Romania on July 11, 2023 and later extradited to the United States.
“As part of the plea agreement, Hulea admitted that he used NetWalker to obtain approximately 1,595 bitcoins as ransom for himself and a co-conspirator, valued at approximately $21,500,000 at the time of payment,” the DoJ said in a statement.
The NetWalker ransomware operation particularly singled out the healthcare sector in the midst of the COVID-19 pandemic. It was dismantled in January 2021, when U.S. and Bulgarian authorities seized dark web sites used by the group. In October 2022, a Canadian affiliate, Sebastien Vachon-Desjardins, was sentenced to up to 20 years in prison.
The developer of Raccoon Stealer was sentenced to 5 years in prison
In related law enforcement news, the Department of Justice also announced the sentencing of Mark Sokolovsky, a citizen of Ukraine accused of being the primary developer of the Raccoon Stealer malware, to 60 months in federal prison on one count of conspiracy to hack into a computer.
The 28-year-old conspired to offer Raccoon Infostealer as malware-as-a-service (MaaS) for $200 a month to other criminals, who then deployed the malware on victims’ systems using various tricks such as phishing emails to steal sensitive data. The collected information was used to commit financial crimes or sold to others on underground forums.
Sokolovsky, who was extradited from the Netherlands in February 2024, pleaded guilty to the crime in early October and agreed to forfeit $23,975 and pay at least $910,844.61 in restitution.
“Mark Sokolovsky was a key player in an international criminal conspiracy that victimized countless people by administering malware that made it cheaper and easier even for hobbyists to commit sophisticated cybercrimes,” said U.S. Attorney Jaime Esparza for the Western District of Texas.
The US Federal Bureau of Investigation (FBI) has created a website where users can check if their email address appears in the data stolen by the Raccoon Stealer malware. The MaaS operation was shut down in March 2022 at the same time as Sokolovsky was arrested by Dutch authorities.
A man from New York received almost 6 years in prison for trading credit cards and money laundering
The latest law enforcement actions also include the sentencing of Vitaly Antonenko, a 32-year-old New York resident, to time served plus days for participating in a criminal scheme that infiltrated systems using SQL injections to steal credit card and personal information and offer the data for sale on criminal online marketplaces.
“After the co-conspirator sold the data, Antonenko and others used Bitcoin, as well as traditional banking and money laundering operations, to disguise the nature, location, source, ownership and control of the proceeds,” the Justice Department said in May 2020. “The victims of the conspiracy were a hotel business and a non-profit research institution located in eastern Massachusetts.”
Antonenko was arrested in March 2019 upon returning to the United States from Ukraine with “computers and other digital media containing hundreds of thousands of stolen payment card numbers.”
In September 2024 he pleaded guilty to one count each of conspiracy to gain unauthorized access to computer networks and control of unauthorized access devices, and one count of conspiracy to commit money laundering.