Tuesday, January 21, 2025

Ukrainian Pleads Guilty in Ransomware Attacks Targeting US and European Firms

Ukrainian national pleads guilty in Nefilim ransomware case that hit US and European firms and caused millions in losses.
Areeba Rashid

  • Ukrainian hacker admits role in years-long ransomware attacks across the US and Europe.
  • Nefilim ransomware group used data theft and encryption to extort over $100M annually.
  • Authorities seek fugitive partner with $11M reward as global crackdown continues.

A Ukrainian national has pleaded guilty to crimes tied to a long-running ransomware campaign that targeted companies across the United States and Europe. Prosecutors said the operation relied on data theft, network encryption, and extortion to force payments from corporate victims. The attacks stretched over several years and caused millions of dollars in financial and operational damage.

The defendant, Artem Aleksandrovych Stryzhak, is a 35-year-old Ukrainian citizen. Authorities said he took part in ransomware attacks from 2018 through late 2021. He admitted to conspiracy to commit fraud and extortion. Prosecutors said the scheme focused on high-revenue companies that could afford large ransom demands.

Stryzhak was arrested in Spain in June 2024 after an international law enforcement effort. He was later extradited to the United States in April. The case is being prosecuted in the Eastern District of New York. At sentencing, he faces up to ten years in federal prison.

Nefilim Ransomware Tactics and Network Intrusions

According to U.S. Attorney Joseph Nocella, Stryzhak used the Nefilim ransomware strain to carry out attacks. Prosecutors said the group broke into corporate networks and stole sensitive files. They then encrypted internal systems. Victims were told their data would remain locked or be leaked unless payment was made.

According to officials, Stryzhak was an administrator of the Nefilim ransomware group. Researchers associated him with various ransomware groups that operated around the same time. The group tailored the ransomware to each victim, creating custom encryption keys and ransom notes. The approach put more pressure on victims and narrowed their options for recovery.

Authorities are still searching for Stryzhak's alleged partner, Volodymyr Tymoshchuk. He remains a fugitive. The U.S. government has announced a reward of up to $11 million for information that would lead to his arrest. Prosecutors said they are still working to bring him into U.S. custody.

Court Records Reveal Global Reach of Ransomware Attacks

According to court filings, the group targeted businesses in the United States, Australia, and Canada. Prosecutors estimated that the operation made over $100 million every year. Victims were threatened with publication of their stolen information if they did not pay. Numerous companies suffered permanent damage to their systems and reputation.

Victims in the US included an engineering consultancy firm in France, an airline company in New York, and a chemical company in Ohio. The group also targeted an Illinois-based insurance company, a Texas-based construction firm, and a Missouri-based pet care company. Other targets of the group were an international eyewear company and an oil and gas transportation company.

According to prosecutors, the assailants researched their victims thoroughly over the internet before reaching out. They examined the size, net worth, and operational significance of companies. 

Once they had breached networks, they identified key decision-makers and initiated negotiations. According to court records, Stryzhak became a member of the Nefilim operation later, in June 2021, after he was given the ransomware code in exchange for 20% of his future ransom payments.
