Category: Security News

Source: United States Department of Justice

Gabriella Oropesa, of Cooper City, Florida, was convicted yesterday for her role in a conspiracy to injure, oppress, threaten or intimidate employees of pro-life pregnancy help centers in the free exercise of the right to provide and seek to provide reproductive health services. The defendant and her co-conspirators selected reproductive health facilities that provided and counseled alternatives to abortion and vandalized those facilities with threatening messages. Caleb Freestone, Amber Stewart-Smith and Annarella Rivera previously pleaded guilty for their participation in the conspiracy.

According to court documents and evidence presented at trial, between May 2022 and July 2022, Oropesa, Freestone, Smith-Stewart and Rivera engaged in a series of targeted attacks on pro-life pregnancy help centers in Florida. The defendants, in the dark of night and while wearing masks and dark clothing to obscure their identities, spray painted the facilities with threatening messages, including “If abortions aren’t safe than niether [sic] are you,” “YOUR TIME IS UP!!,” “WE’RE COMING for U” and “We are everywhere.”

“The Freedom of Access to Clinic Entrances Act is clear: no one should have to face threats and intimidation just for doing their job,” said Assistant Attorney General Kristen Clarke of the Justice Department’s Civil Rights Division. “The Justice Department will continue to ensure access to the full spectrum of reproductive health services afforded to the public, whether those services include abortion or counseling on alternatives to abortion.”

“Federal law protects providers who render reproductive health care and those who seek their services,” said U.S. Attorney Roger Handberg for the Middle District of Florida. “Threats of violence against pregnancy resource centers or those exercising their rights to care will not be tolerated.”

A sentencing hearing is scheduled for March 19, 2025. Oropesa faces a maximum penalty of 10 years in prison for the conspiracy charge. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI Tampa Field Office investigated the case, with assistance from the Polk County Sheriff’s Office and Winter Haven, Hialeah and Hollywood Police Departments.

Assistant U.S. Attorney Courtney Derry for the Middle District of Florida and Trial Attorney Laura-Kate Bernstein of the Civil Rights Division’s Criminal Section are prosecuting the case.

Anyone who has information about incidents of violence, threats and obstruction that target a patient or provider of reproductive health services, or damage and destruction of reproductive health care facilities, should report that information to the FBI at www.tips.fbi.gov. For more information about clinic violence, and the Justice Department’s efforts to enforce Freedom of Access to Clinic Entrances Act violations, please visit www.justice.gov/crt/national-task-force-violence-against-reproductive-health-care-providers.

Source: United States Department of Justice Criminal Division

OVW conducted a live web-based pre-application information session for its Fiscal Year 2025 Justice for Families funding opportunity. During the presentation, OVW staff reviewed this program’s requirements, discussed the opportunity, and allowed for a brief question-and-answer period.

Source: United States Department of Justice Criminal Division

Covid Test DMV LLC, doing business as Rapid Health (Rapid Health), a pharmacy located in Los Angeles, has agreed to pay the United States $8,242,860 to resolve allegations that it violated the False Claims Act (FCA) by knowingly submitting or causing the submission of false claims to Medicare for over-the-counter (OTC) Covid-19 tests that were not provided to Medicare beneficiaries.

Between April 2022 and May 2023, Rapid Health distributed OTC Covid-19 tests in connection with the Centers for Medicare & Medicaid Services (CMS) OTC Covid-19 Test Demonstration Project (Demonstration Project). During the Demonstration Project, Medicare Part B beneficiaries could request OTC Covid-19 tests from participating providers, and CMS would reimburse those providers for up to eight OTC Covid-19 tests per Medicare Part B beneficiary per month at a fixed rate of $12 per test.

The settlement announced today resolves allegations that Rapid Health knowingly submitted or caused the submission of claims to Medicare for OTC Covid-19 tests that Rapid Health never provided to Medicare beneficiaries. Medicare patients could order OTC Covid-19 tests from Rapid Health during the Demonstration Project through Rapid Health’s website. When Rapid Health received an order, it was supposed to process the order, generate a shipping label, and send the OTC Covid-19 test to the beneficiary. The United States alleged that issues with Rapid Health’s processing procedures caused Rapid Health to bill orders to Medicare without shipping the test to the beneficiary, and that although Rapid Health was aware of these issues it nevertheless continued to bill Medicare for tests that were not shipped.

“The Demonstration Project was designed to increase the availability of OTC Covid-19 tests to Medicare beneficiaries in an unprecedented time of need,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “Providers that knowingly billed for tests that were never given to patients failed to support the goals of the project and defrauded the American taxpayers.”

“This outcome serves as a reminder of our unwavering commitment to combat health care fraud and investigate those who allegedly attempt to exploit and defraud Medicare and other federally funded health care programs,” said Special Agent in Charge Maureen Dixon of the Department of Health and Human Services Office of Inspector General (HHS-OIG). “With our local, state and federal partners, HHS-OIG will continue to work aggressively to ensure the dependability and the integrity of the Medicare program.”

The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section, and HHS-OIG.

Trial Attorney Lindsay DeFrancesco of the Civil Division’s Fraud Section handled the matter.

On May 17, 2021, the Attorney General established the COVID-19 Fraud Enforcement Task Force to marshal the resources of the Justice Department in partnership with agencies across the federal government to enhance efforts to combat and prevent pandemic-related fraud. The task force bolsters efforts to investigate and prosecute the most culpable domestic and international actors committing civil and criminal fraud and assists agencies tasked with administering relief programs to prevent fraud by, among other methods, augmenting and incorporating existing coordination mechanisms, identifying resources and techniques to uncover fraudulent actors and their schemes and sharing and harnessing information and insights gained from prior enforcement efforts. For more information on the department’s response to the pandemic, please visit www.justice.gov/coronavirus.

Tips and complaints from all sources about potential fraud affecting COVID-19 government relief programs can be reported by visiting the webpage of the Civil Division’s Fraud Section, which can be found here. Anyone with information about allegations of attempted fraud involving COVID-19 can also report it by calling the Justice Department’s National Center for Disaster Fraud (NCDF) Hotline at 866-720-5721 or via the NCDF Web Complaint Form at www.justice.gov/disaster-fraud/ncdf-disaster-complaint-form.

The claims resolved by the settlement are allegations only. There has been no determination of liability.

Source: United States Department of Justice Criminal Division

Note: View the unsealed complaint here.

A complaint was unsealed today charging Mohammad Reza Nouri, 36, of Iran, also known as Muhammad Rida Husayn, Ali Asghar Nuri, and Abu Abbas, an Iranian national and officer in the IRGC, in connection with Nouri’s alleged role in orchestrating the Nov. 7, 2022, murder of American Stephen Troell in Baghdad, Iraq. Nouri was arrested in Iraq in March 2023.

“The Department of Justice will not tolerate terrorists and authoritarian regimes targeting and murdering Americans anywhere in the world,” said Attorney General Merrick B. Garland. “We allege that Mohammad Reza Nouri, an officer in the Islamic Revolutionary Guard Corps, orchestrated the murder of Stephen Troell, an American citizen living in Iraq, carrying out the Iranian Regime’s efforts to take vengeance for the death of Qasim Soleimani. Stephen should still be alive today, and the Justice Department will work relentlessly to ensure accountability for his murder.”

“The Islamic Revolutionary Guard Corps remains determined to target U.S. citizens, and orchestrated a cold-blooded plot to brutally murder Stephen Troell, a Tennessee native working at an English language institute in Iraq,” said FBI Director Christopher Wray. “According to the allegations, Mohammad Reza Nouri, an IRGC captain, played a key role in planning the attack in which Troell was ambushed as he drove home from work with his wife. Today’s announcement makes clear that the FBI and our partners will not tolerate the IRGC’s ruthless attacks on Americans, here in the United States or overseas, and will hold accountable any who seek to harm our citizens.”

“As alleged, Mohammad Reza Nouri, a Captain in Iran’s Islamic Revolutionary Guard Corps, orchestrated the murder of American Steven Troell in Iraq,” said Acting U.S. Attorney Edward Kim for the Southern District of New York. “Nouri is alleged to have gathered intelligence on Troell’s daily routine and whereabouts, procured weapons and vehicles, and provided safe harbor to the operatives who carried out the sinister plot to brutally attack Troell in front of his wife. As alleged, the Iranian regime is actively targeting U.S. citizens, such as Troell, living in countries around the world for kidnapping and execution both to repress and silence dissidents critical of the regime and to take vengeance for the death of Qasem Soleimani. This office will not stand by when an American is attacked and murdered in cold blood, and we will continue working with our law enforcement partners to bring Nouri to justice.”

“As alleged in the complaint, Nouri facilitated Troell’s murder. He gathered information and coordinated with a co-conspirator to procure supplies that operatives relied on during their attack on Troell,” said Assistant Director in Charge David Sundberg of the FBI Washington Field Office. “The FBI will continue to work with our law enforcement partners to bring IRGC operatives, including Nouri’s co-conspirator, to justice for harming Americans.”

According to court documents, the Government of the Islamic Republic of Iran (Iran) is actively targeting nationals of the United States and its allies living in countries around the world for kidnapping and/or execution both to repress and silence dissidents critical of the Iranian regime and to take vengeance for the January 2020 death of then-Commander of the IRGC-Qods Force (IRGC-QF), Qasem Soleimani, who was killed by a U.S. drone strike in Baghdad. The IRGC is an Iranian military and counterintelligence agency under the authority of Iran’s Supreme Leader, comprised of components including an external operations force, the IRGC-QF, and has been designated as a foreign terrorist organization by the U.S. Secretary of State since April 15, 2019. The IRGC has publicly stated its desire to avenge the death of Soleimani, and, among its activities, the IRGC plots and conducts attack operations outside Iran targeting U.S. citizens residing in the United States and abroad. In November 2022, the Iranian regime struck in Iraq: a group of operatives working on behalf of the IRGC brutally murdered Stephen Troell, a 45-year-old American living in Baghdad, where he worked at an English language institute, as Troell was driving home with his wife after work.

Nouri is an IRGC Captain who works for the IRGC in Iraq and is involved in the IRGC’s external attack plotting against U.S. citizens and others. Nouri played a key role in the IRGC’s targeting and ultimate murder of Troell, whom Nouri appears to have believed was working as an American or Israeli intelligence officer. Nouri, on behalf of the IRGC, collected critical, highly personal information about Troell to facilitate stalking, attacking, and ultimately killing Troell. Nouri, with the assistance of co-conspirators, developed a source with access to details of Troell’s life and daily routine. With this information, Nouri created intelligence documents for his IRGC associates and a group of operatives recruited to execute the attack, which included Troell’s date of birth, coordinates of his residence, occupation, work schedule, telephone number, wife’s name, and children’s names, among other information. In the weeks leading up to the murder, Nouri coordinated with one of his co-conspirators (CC-1) in the plot targeting Troell to procure some of the means for attacking Troell, including firearms as well as a vehicle for use in the lethal attack on Troell. On the evening of Nov. 7, 2022, the group of recruited operatives carried out the attack. Troell was driving home from work with his wife when heavily armed gunmen in two cars forced the Troells to stop shortly before they reached their residence, blocked any possible escape route, approached Troell on the driver’s side, and, using an assault weapon, shot and killed Troell as his wife witnessed the attack in the passenger seat.   

On the day of the murder, Nouri coordinated with CC-1 shortly before and immediately after the attack. Nouri and CC-1 spoke repeatedly in the hours leading up to the attack. Less than a half hour after the attack, Nouri sent CC-1 encrypted messages inquiring about the wellbeing of the operatives tasked with carrying out the hit on Troell, asking, “The guys are fine?” and “They are doing well?” to which CC-1 responded, “One is injured.”  As the night went on, CC-1 continued to update Nouri, noting that “two so far” of the operatives on the hit squad — whom Nouri referred to as “our guys” — had gathered safely since the murder, that “the rest are on the way,” and that the injury sustained by one of their confederates was “slight.”  In the course of these encrypted messages, Nouri and CC-1 celebrated the events of the day and their success. That night, after the murder, Nouri left Iraq for Iran. Shortly before departing Baghdad, Nouri visited a religious site associated with mourning for Soleimani’s death.

Following the murder, approximately nine of the operatives on the hit squad also left Iraq and entered Iran, where they joined Nouri. In Iran, Nouri arranged housing for the operatives, providing them safe harbor in the aftermath of the murder. Nouri and another IRGC official addressed the operatives during their stay in Iran, offered their blessings to the hit squad, and told them that Troell was purportedly a spy on behalf of America and Israel, that Troell threatened Islam by attracting Iraqi youths to the Jewish religion and spreading it in Iraq, and that Troell therefore deserved to be murdered.

In March 2023, Iraqi authorities arrested Nouri, and he was subsequently convicted by an Iraqi court for his role in Troell’s murder. Nouri remains in custody in Iraq.

Nouri has been charged with conspiring to provide material support to a foreign terrorist organization resulting in death, and faces a maximum penalty of life in prison; providing material support to a foreign terrorist organization resulting in death, and faces a maximum penalty of life in prison; conspiring to provide material support for acts of terrorism resulting in death, and faces a maximum penalty of life in prison; providing material support for acts of terrorism resulting in death, and faces a maximum penalty of life in prison; conspiring to take hostages, and faces a maximum penalty of life in prison; conspiring to murder U.S. nationals outside the United States, and faces a maximum penalty of life in prison; murdering a U.S. national outside the United States, and faces a maximum penalty of death or life in prison; and  causing death through the use of a firearm, and faces a maximum penalty of death or life in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI Washington Field Office’s Counterterrorism Division is investigating the case. The Justice Department’s Office of International Affairs; Justice Department’s Attaché in Iraq; FBI Legal Attaché office in Iraq; Iraqi authorities; and U.S. Attorney’s Office for the District of Columbia provided valuable assistance.

Assistant U.S. Attorneys Jacob H. Gutwillig, Matthew J.C. Hellman, and Kyle A. Wirshba for the Southern District of New York and Trial Attorneys Joshua Champagne and Timothy J. Reardon III of the National Security Division’s Counterterrorism Section are prosecuting the case.

A complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: United States Department of Justice

Note: A copy of the superseding criminal complaint can be found here.

A superseding criminal complaint filed in the District of New Jersey was unsealed today charging a dual Russian and Israeli national for being a developer of the LockBit ransomware group.

In August, Rostislav Panev, 51, a dual Russian and Israeli national, was arrested in Israel pursuant to a U.S. provisional arrest request with a view towards extradition to the United States. Panev is currently in custody in Israel pending extradition on the charges in the superseding complaint.

“The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks, but also finding and bringing to justice the individuals responsible for building and running them,” said Attorney General Merrick B. Garland. “Three of the individuals who we allege are responsible for LockBit’s cyberattacks against thousands of victims are now in custody, and we will continue to work alongside our partners to hold accountable all those who lead and enable ransomware attacks.”

“The arrest of Mr. Panev reflects the Department’s commitment to using all its tools to combat the ransomware threat,” said Deputy Attorney General Lisa Monaco. “We started this year with a coordinated international disruption of LockBit — the most damaging ransomware group in the world. Fast forward to today and three LockBit actors are in custody thanks to the diligence of our investigators and our strong partnerships around the world. This case is a model for ransomware investigations in the years to come.”

“The arrest of alleged developer Ratislav Panev is part of the FBI’s ongoing efforts to disrupt and dismantle the LockBit ransomware group, one of the most prolific ransomware variants across the globe,” said FBI Director Christopher Wray. “The LockBit group has targeted both public and private sector victims around the world, including schools, hospitals, and critical infrastructure, as well as small businesses and multi-national corporations.  No matter how hidden or advanced the threat, the FBI remains committed to working with our interagency partners to safeguard the cyber ecosystem and hold accountable those who are responsible for these criminal activities.” 

“The criminal complaint alleges that Rotislav Panev developed malware and maintained the infrastructure for LockBit, which was once the world’s most destructive ransomware group and attacked thousands of victims, causing billions of dollars in damage,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Along with our domestic and international law enforcement partner actions to dismantle LockBit’s infrastructure, the Criminal Division has disrupted LockBit’s operations by charging seven of its key members (including affiliates, developers, and its administrator) and arresting three of these defendants — including Panev. We are especially grateful for our partnerships with authorities in Europol, the United Kingdom, France, and Israel, which show that, when likeminded countries work together, cybercriminals will find it harder to escape justice.”

“As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”

According to the superseding complaint, documents filed in this and related cases, and statements made in court, Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024. During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world. The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States. Their victims ranged from individuals and small businesses to multinational corporations, including hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies. LockBit’s members extracted at least $500 million in ransom payments from their victims and caused billions of dollars in other losses, including lost revenue and costs from incident response and recovery.

LockBit’s members comprised “developers,” like Panev, who designed the LockBit malware code and maintained the infrastructure on which LockBit operated. LockBit’s other members, called “affiliates,” carried out LockBit attacks and extorted ransom payments from LockBit victims. LockBit’s developers and affiliates would then split ransom payments extorted from victims.

As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks. Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.

The superseding complaint also alleges that Panev exchanged direct messages through a cybercriminal forum with LockBit’s primary administrator, who, in an indictment unsealed in the District of New Jersey in May, the United States alleged to be Dimitry Yuryevich Khoroshev (Дмитрий Юрьевич Хорошев), also known as LockBitSupp, LockBit, and putinkrab. In those messages, Panev and the LockBit primary administrator discussed work that needed to be done on the LockBit builder and control panel.

Court documents further indicate that, between June 2022 and February 2024, the primary LockBit administrator made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev. Those transfers amounted to over $230,000 during that period.

In interviews with Israeli authorities following his arrest in August, Panev admitted to having performed coding, development, and consulting work for the LockBit group and to having received regular payments in cryptocurrency for that work, consistent with the transfers identified by U.S. authorities. Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network. Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.

The LockBit Investigation

The superseding complaint against, and apprehension of, Panev follows a disruption of LockBit ransomware in February by the United Kingdom (U.K.)’s National Crime Agency (NCA)’s Cyber Division, which worked in cooperation with the Justice Department, FBI, and other international law enforcement partners. As previously announced by the Department, authorities disrupted LockBit by seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and by seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data. That disruption succeeded in greatly diminishing LockBit’s reputation and its ability to attack further victims, as alleged by documents filed in this case.

The superseding complaint against Panev also follows charges brought in the District of New Jersey against other LockBit members, including its alleged primary creator, developer, and administrator, Dmitry Yuryevich Khoroshev. An indictment against Khoroshev unsealed in May alleges that Khoroshev began developing LockBit as early as September 2019, continued acting as the group’s administrator through 2024, a role in which Khoroshev recruited new affiliate members, spoke for the group publicly under the alias “LockBitSupp,” and developed and maintained the infrastructure used by affiliates to deploy LockBit attacks. Khoroshev is currently the subject of a reward of up to $10 million through the U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov/.

A total of seven LockBit members have now been charged in the District of New Jersey. Beyond Panev and Khoroshev, other previously charged LockBit defendants include:

• In July, two LockBit affiliate members, Mikhail Vasiliev, also known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, and Ruslan Astamirov, also known as BETTERPAY, offtitan, and Eastfarmer, pleaded guilty in the District of New Jersey for their participation in the LockBit ransomware group and admitted deploying multiple LockBit attacks against U.S. and foreign victims. Vasiliev and Astamirov are presently in custody awaiting sentencing.
• In February, in parallel with the disruption operation described above, an indictment was unsealed in the District of New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims throughout the United States, including businesses nationwide in the manufacturing and other industries, as well as victims around the world in the semiconductor and other industries. Sungatov and Kondratyev remain at large.
• In May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey charging Mikhail Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, with using different ransomware variants, including LockBit, to attack numerous victims throughout the United States, including the Washington, D.C., Metropolitan Police Department. Matveev remains at large and is currently the subject of a reward of up to $10 million through the U.S. Department of State’s TOC Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov/.

The U.S. Department of State’s TOC Rewards Program is offering rewards of:

Information is accepted through the FBI tip website at tips.fbi.gov.

Khoroshev, Matveev, Sungatov, and Kondratyev have also been designated for sanctions by the Department of the Treasury’s Office of Foreign Assets Control for their roles in launching cyberattacks.

Victim Assistance

LockBit victims are encouraged to contact the FBI and submit information at www.ic3.gov/. As announced by the Department in February, law enforcement, through its disruption efforts, has developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. Submitting information at the IC3 site will enable law enforcement to determine whether affected systems can be successfully decrypted.

LockBit victims are also encouraged to visit www.justice.gov/usao-nj/lockbit for case updates and information regarding their rights under U.S. law, including the right to submit victim impact statements and request restitution, in the criminal litigation against Panev, Astamirov, and Vasiliev.

The FBI Newark Field Office, under the supervision of Acting Special Agent in Charge Nelson I. Delgado, is investigating the LockBit ransomware variant. Israel’s Office of the State Attorney, Department of International Affairs, and Israel National Police; France’s Gendarmerie Nationale Cyberspace Command, Paris Prosecution Office — Cyber Division, and judicial authorities at the Tribunal Judiciare of Paris; Europol; Eurojust; the U.K.’s NCA; Germany’s Landeskriminalamt Schleswig-Holstein, Bundeskriminalamt, and the Central Cybercrime Department North Rhine-Westphalia; Switzerland’s Federal Office of Justice, Public Prosecutor’s Office of the Canton of Zurich, and Zurich Cantonal Police; Spain’s Policia Nacional and Guardia Civil; Japan’s National Police Agency; Australian Federal Police; Sweden’s Polismyndighetens; Canada’s Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant of the Netherlands; and Finland’s National Bureau of Investigation have provided significant assistance and coordination in these matters and in the LockBit investigation generally.

Trial Attorneys Debra Ireland and Jorge Gonzalez of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Andrew M. Trombly, David E. Malagold, and Vinay Limbachia for the District of New Jersey are prosecuting the charges against Panev and the other previously charged LockBit defendants in the District of New Jersey.

The Justice Department’s Cybercrime Liaison Prosecutor to Eurojust, Office of International Affairs, and National Security Division also provided significant assistance.

Additional details on protecting networks against LockBit ransomware are available at StopRansomware.gov. These include Cybersecurity and Infrastructure Security Agency Advisories AA23-325A, AA23-165A, and AA23-075A. 

A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.