LockBit ransomware developer extradited to face crimes in the United States

The United States Department of Justice (DOJ) has announced the extradition of a developer who worked for the LockBit ransomware group to the United States. According to authorities, the developer, Rotislav Pandev admitted to coding and consulting for the cybercriminal group, which paid him in digital assets.

According to authorities, the LockBit developer was first apprehended in Israel in August in connection to a provisional arrest request made by the United States. The 51-year-old was then extradited to the US and had his first appearance in court, appearing before US Magistrate Judge Andre M. Espinosa. The judge ruled that Pandev be detained until his trial.

LockBit ransomware developer faces charges in the US

According to a previous complaint consisting of documents filed in this case and others in related cases, Pandev was a developer for the LockBit ransomware group from its inception in 2019 to around February 2024. During the period, Pandev and other members of the gang grew the group to become ruthless in the ransomware world, with some even noting that it was the most active and destructive ransomware group at the time.

In the complaint, the LockBit group was said to have attacked nothing less than 2,500 victims across 120 countries globally. Their victims ranged from individuals to small businesses, multinationals, hospitals, governments, and even law enforcement agencies. The filing mentioned that the group had about 1,800 of its victims living in the United States at the time it carried out its activities.

LockBit members allegedly cashed out $500 million from numerous ransom payments from victims, causing billions of dollars in other losses, including lost revenue and costs from incident response and recovery. Authorities mentioned that the LockBit group was composed of developers like Pandev who designed the group’s malware codes and maintained the infrastructure that the group operated on.

The group had members known as affiliates, who would usually deploy their malware and extort payments from their victims. After the payment, the group members will then split the loot, giving each person their share.

In the complaint, authorities mentioned that after Pandev’s arrest in Israel, law enforcement discovered on his computer an administrative credential that was hosted on the dark web and stored codes for multiple versions of the LockBit builder. This allowed the different affiliates to build custom malware for particular victims. They also discovered the StealBit tool that helped the group extract the stolen data through their attacks.

United States authorities vow to apprehend all LockBit members

In the interviews that Pandev granted after his arrest in Israel, he told authorities that he performed several activities for the LockBit group, including coding, development, and consulting work. He also confessed to having received payments consistent with the ones flagged by authorities in the United States. He mentioned that one key project he worked on was to develop a code to disable antivirus software and infect computers connected to a network.

Pandev also mentioned that he created malware to enable the printing of the LockBit ransom note to all the printers connected to a victim network. He also mentioned that he wrote other malware codes and provided technical guidance to the LockBit group.

The apprehension of Pandev is coming after the disruption of LockBit ransomware in February 2024 by authorities in the United Kingdom. The joint operation was carried out by several authorities, including the Justice Department, FBI, and other international law enforcement agencies. Aside from Pandev, authorities have also charged seven other members of the group.

The primary creator, developer, and administrator of the group Dmitry Yuryevich Khoroshev had his indictment unsealed in May. The indictment noted that he started developing LockBit in September 2019 and continued to act as its administrator till 2024. Khoroshev also recruited other members into the role but spoke for the group under his “LockBitSupp” alias. The United States Transnational Organized Crime (TOC) Rewards Program has announced a reward of $10 million for any information leading to his arrest.

“Rostislav Panev’s extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice,” said United States Attorney John Giordano. He also added that even though criminals are now using sophisticated means to commit crimes, his office, in collaboration with other law enforcement, will deploy all measures to apprehend and prosecute the criminals.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot