Suspected LockBit dev, facing US extradition, 'did it for the money'
- Reference: 1734960670
- News link: https://www.theregister.co.uk/2024/12/23/lockbit_ransomware_dev_extradition/
- Source link:
Israeli law enforcement arrested Rostislav Panev, 51, a dual Russian and Israeli national, in August at the request of the US.
Panev faces 41 counts, including computer-related extortion, conspiracy to commit fraud, conspiracy to commit wire fraud, and intentional damage to a protected computer, according to a criminal complaint
[1]PDF
filed in the District of New Jersey that was unsealed on December 20.[2]
With the addition of Panev, seven LockBit members have been charged with crimes and three have been [3]arrested .
[4]
[5]
"We started this year with a coordinated international disruption of LockBit – the most damaging ransomware group in the world," Deputy Attorney General Lisa Monaco said in a [6]statement . "Fast forward to today and three LockBit actors are in custody thanks to the diligence of our investigators and our strong partnerships around the world."
LockBit, the notorious ransomware gang that began infecting victims around January 2020, more or less ended with the UK-led [7]disruption and [8]website seizure in February, followed by the [9]unmasking of the crew's alleged kingpin, Dmitry Yuryevich Khoroshev, aka LockBitSupp.
[10]
The feds unsealed an [11]indictment against Khoroshev in May, and he currently has a [12]$10 million bounty on his head.
While the scumbags still [13]claim victims and have even teased a new version of their malware, the criminal operation is a [14]shadow of its former self .
In total, the criminals infected more than 2,500 victims in at least 120 countries, including 1,800 in the US, according to the Justice Department. The group's affiliates extorted at least $500 million in ransom payments from their victims and caused billions of dollars in other losses.
[15]
From the group's inception around 2019 through February 2024, Panev worked as a LockBit developer, according to the criminal complaint.
At the time of his arrest in August, Israeli cops reportedly searched Panev's computer and discovered credentials for a Git repository that contained source code for LockBit's ESXi, Linux, Proxmox, and Nutanix builders; source code for the Conti ransomware variant; source code for the [16]StealBit custom data exfiltration tool; and a copy of the LockBit 3.0 ransom note.
The complaint says they also found access credentials for the LockBit control panel on Panev's machine:
Notably, the panel accessed with PANEV's credentials also included a handle to communicate with that LockBit user on 'Service-1,' a decentralized, end-to-end encrypted messaging platform. Specifically, the listed Service-1 handle was 'FUCKFBI' followed by other characters.
Prior to his arrest, US authorities say they obtained evidence showing that Panev exchanged direct messages with Khoroshev on a darkweb forum identified as "Forum-1," during which the two discussed work that needed to be done on the LockBit builder and control panel.
Between June 2022 and February 2024, Khoroshev made a series of payments to Panev, laundered through various cryptocurrency mixing services, of about $10,000 per month, the court documents allege.
After he was arrested in August, Panev "agreed to multiple voluntary interviews with Israeli authorities," the complaint says. During those interviews, he reportedly admitted his correspondence with LockBit began around 2019 and he performed several coding jobs for the gang in exchange for compensation.
"Those jobs included, among other things, writing code to disable the Windows Defender antivirus system (presumably, to allow a malware payload, like a LockBit build, to be deployed on a victim computer); writing code to deploy malware throughout a network via the Windows Active Directory service; and writing code to print a given text on all printers on a given network (presumably, the LockBit ransom note)," according to the criminal complaint.
[17]Euro cops arrest 4 including suspected LockBit dev chilling on holiday
[18]NCA unmasks man it suspects is both 'Evil Corp kingpin' and LockBit affiliate
[19]Five months after takedown, LockBit is a shadow of its former self
[20]LockBit dethroned as leading ransomware gang for first time post-takedown
Later during his tenure, Panev admitted to writing code for LockBit's encryption malware and providing technical guidance to the gang, and that's when the monthly $10,000 payments began rolling in.
But in perhaps our favorite part of the 48-page court document, Panev allegedly told the Israeli authorities that at first he didn't realize the work he was doing for LockBit was illegal.
"Panev claimed – dubiously, in the assessment of US authorities, given the nature of the services he acknowledged providing from the very beginning of his work for LockBit and his own extensive familiarity with computer science, hacking, and cybercrime, as discussed in this Affidavit – that he at first did not realize that the work he was doing for LockBit was unlawful," it reads.
Later, however, he did catch on to the fact that he was providing code for a criminal operation, but "admitted that he continued working for the LockBit group, in sum and substance, 'for the money.'" ®
Get our [21]Tech Resources
[1] https://regmedia.co.uk/2024/12/20/panev_superseding_complaint.pdf
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z2nrlop0bT2mC0zlRIf4lwAAAEY&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2024/10/01/euro_cops_arrest_four_mystery/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z2nrlop0bT2mC0zlRIf4lwAAAEY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z2nrlop0bT2mC0zlRIf4lwAAAEY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.justice.gov/opa/pr/united-states-charges-dual-russian-and-israeli-national-developer-lockbit-ransomware-group
[7] https://www.theregister.com/2024/02/23/lockbit_identity_reveal/
[8] https://www.theregister.com/2024/02/20/lockbit_down_operation_cronos/
[9] https://www.theregister.com/2024/05/07/alleged_lockbit_kingpin_charged_sanctioned/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z2nrlop0bT2mC0zlRIf4lwAAAEY&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[11] https://www.justice.gov/opa/pr/us-charges-russian-national-developing-and-operating-lockbit-ransomware
[12] https://www.state.gov/transnational-organized-crime-rewards-program-2/lockbit-ransomware-administrator-dmitry-yuryevich-khoroshev/
[13] https://www.theregister.com/2024/11/20/equinox_patients_employees_data/
[14] https://www.theregister.com/2024/07/31/five_months_after_lockbit/
[15] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z2nrlop0bT2mC0zlRIf4lwAAAEY&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[16] https://www.theregister.com/2024/07/10/ransomware_data_exfil_malware/
[17] https://www.theregister.com/2024/10/01/euro_cops_arrest_four_mystery/
[18] https://www.theregister.com/2024/10/01/nca_names_alleged_evil_corp_kingpin/
[19] https://www.theregister.com/2024/07/31/five_months_after_lockbit/
[20] https://www.theregister.com/2024/05/22/lockbit_dethroned_as_leading_ransomware/
[21] https://whitepapers.theregister.com/
"Seems like every hacker’s got a price"
Yup... and it's pretty low...
It's the dark side of the libertarian hacker ethos: if the victims didn't want to get hacked, they should have protected themselves better.
That's actually a pretty good summation of the Russian hacker and petty criminal ethos. They think if they can take it from you, then they deserve it more than you.
Has he played the Autism card yet?
You'd be hard pressed to find any techie who's good at what they do and isn't higher than the norm on neuro divergence scales
Oh I totally agree. Pretty much everyone I've ever worked with in IT, including myself, has been somewhere "on the spectrum", to a lesser or greater extent.
I just thought it had become the norm for "hackers" to play the Autism card whenever they get lifted, as if it's some automatic get-out-of-jail-free (or extradition avoidance) defence.
Thought to be honest, a Russian hacker, in Israel, being extradited to the USA in the current climate? Pretty sure there's zero chance of that not happening, autism or not.
Dear AC, I work in tech and I’m not at all neurotic. BTW there should be a hyphen between the words neuro and divergent and you forgot to end your sentence with a period.
""Panev claimed – dubiously, in the assessment of US authorities, given the nature of the services he acknowledged providing from the very beginning of his work for LockBit and his own extensive familiarity with computer science, hacking, and cybercrime, as discussed in this Affidavit – that he at first did not realize that the work he was doing for LockBit was unlawful," it reads."
WHAT???!!11!!! How could he not know it was illegal? It's a ransom, any ransom should be illegal.
I suppose in a kleptocracy nothing's illegal providing Putin gets his cut.
"At first"
He is Israeli. His countrymen are live-streaming a genocide and boast about murdering children, his level of criminality is minor in comparison.
So clever yet so dumb
Hundreds of million dollars yet couldn't figure out to hide it or himself.
Seems like every hacker’s got a price
I wonder how they sleep at night
When the sale comes first and the ‘net comes second
Point and click for a minute and smile :-)
Why aren’t sites a little more onerous?
Stop using URL obfuscators and shorteners…
Just wanna surf a better place
And make the internet clean and safe…
It ain’t about the ca-Ching ca-Ching
It ain’t about about the click-click-cla-cling…