LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages

A Russian-Israeli national has been charged in the United States for his role as the developer of the notorious LockBit ransomware-as-a-service (RaaS) operation, which has caused billions in damages worldwide. Rostislav Panev, 51, was arrested in Israel in August 2024 and is currently awaiting extradition to the U.S., where he faces charges related to the ransomware's development and operation from around 2019 through February 2024.

According to the U.S. Department of Justice (DoJ), Panev earned approximately $230,000 from his ransomware operations between June 2022 and February 2024. "Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit co-conspirators to wreak havoc and cause billions of dollars in damage around the world," said U.S. Attorney Philip R. Sellinger.

LockBit, one of the most prolific ransomware groups, targeted over 2,500 entities in at least 120 countries, including hospitals, schools, and government agencies. The group is estimated to have earned at least $500 million in illicit profits. The group's infrastructure was seized in February 2024 as part of a global law enforcement operation known as Cronos.

Court documents reveal that Panev's computer contained administrator credentials for a dark web repository hosting the source code of multiple versions of the LockBit ransomware builder, which affiliates used to create custom variants. He is also accused of providing technical guidance to LockBit affiliates and collaborating with Dmitry Khoroshev, a key administrator of the operation.

Panev admitted in interviews with Israeli authorities that he played a significant role in the development of the malware, including the creation of code to disable antivirus software and to deploy malware across compromised networks. Panev joins six other LockBit members who have been charged in the U.S. for their involvement in the operation.

Despite these setbacks, the LockBit gang is reportedly preparing for the release of LockBit 4.0 in February 2025.

Second NetWalker Ransomware Affiliate Gets 20 Years in Prison

Daniel Christian Hulea, a 30-year-old Romanian affiliate of the NetWalker ransomware operation, has been sentenced to 20 years in prison for his role in the group's cybercrime activities. Hulea was also ordered to forfeit $21.5 million in ransom payments and assets linked to the crimes.

Hulea, who pleaded guilty to computer fraud and wire fraud conspiracy in June 2024, was arrested in Romania in July 2023 and extradited to the U.S. He used the NetWalker ransomware to obtain approximately 1,595 bitcoin in ransom payments, valued at around $21.5 million. NetWalker was notorious for targeting healthcare organizations during the COVID-19 pandemic.

The NetWalker operation was dismantled in January 2021 when U.S. and Bulgarian authorities seized its dark web infrastructure. In October 2022, Canadian affiliate Sebastien Vachon-Desjardins was sentenced to 20 years in prison.

Raccoon Stealer Developer Sentenced to 5 Years in Prison

Mark Sokolovsky, the primary developer of the Raccoon Stealer malware, has been sentenced to five years in federal prison for conspiracy to commit computer intrusion. Sokolovsky, a Ukrainian national, was extradited to the U.S. in February 2024 and pleaded guilty in October.

Sokolovsky offered Raccoon Stealer as a malware-as-a-service (MaaS) to other criminals, enabling them to steal sensitive data, including financial information. The stolen data was sold on underground forums or used for financial crimes. The operation was taken offline in March 2022, following Sokolovsky’s arrest in the Netherlands.

The U.S. Federal Bureau of Investigation (FBI) has set up a website to help victims check if their email addresses were compromised by the Raccoon Stealer malware.

NYC Man Gets Nearly 6 Years in Prison for Credit Card Trafficking and Money Laundering

Vitalii Antonenko, a 32-year-old New York City man, has been sentenced to nearly six years in prison for his involvement in a scheme that used SQL injection attacks to steal credit card and personal information. Antonenko was arrested in March 2019 when he returned to the U.S. from Ukraine, carrying computers with hundreds of thousands of stolen payment card numbers.

The scheme targeted a hospitality business and a nonprofit organization in Massachusetts, and the stolen data was sold on criminal marketplaces. Antonenko was sentenced after pleading guilty to conspiracy charges related to unauthorized access to computer networks and money laundering.