The US Department of Justice (DoJ) is offering a reward of up to $10 million for information leading to the arrest of a notorious ransomware criminal.
The suspect, Volodymyr Viktorovych Tymoshchuk, is believed to be a leading figure in an organized crime network responsible for the 2019 ransomware attack against a major Norwegian aluminum company, as well as a series of other global cyber attacks.
"The fugitive is wanted by several countries and is considered a top priority target for international law enforcement," said Europol, which has added Tymoshchuk to its EU Most Wanted list.
The 28-year-old Ukrainian national has a series of aliases – Deadforz, Boba, Farnetwork, Msfv, and Volotmsk – and is wanted for computer-related crimes, participation in a criminal organization, and racketeering and extortion.
Between 2018 and 2020, Tymoshchuk and his accomplices took part in the deployment of the LockerGoga ransomware against hundreds of companies, disrupting operations and demanding a ransom.
The group's activities caused more than $18 billion in damage worldwide, Europol said.
“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” said US acting assistant attorney General Galeotti.
“In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored."
The international investigation has already led to the arrest of several other members of the criminal network in Ukraine.
According to the DoJ, law enforcement agencies have since mapped the structure of the group, identifying actors at every level – from malware developers and intrusion specialists to the money launderers responsible for handling the illicit proceeds.
The DoJ is also offering a separate reward of up to $1 million for information leading to the “arrest and/or convictions of other key leaders”.
Global damages range in the tens of billions
The group is believed to have carried out attacks against organizations in 71 countries, specifically targeting large corporations and deploying MegaCortex, Nefilim, HIVE, and Dharma ransomware, as well as LockerGoga.
Attacks took place through techniques including brute force attacks, SQL injections, and sending phishing emails with malicious attachments in order to steal usernames and passwords.
Once inside a network, the attackers remained undetected and gained additional access using tools including TrickBot malware, Cobalt Strike, and PowerShell Empire to compromise as many systems as possible before triggering ransomware attacks.
They are believed to have encrypted more than 250 servers belonging to large corporations, resulting in losses exceeding several hundreds of millions of euros.
Who is Volodymyr Viktorovych Tymoshchuk?
Between July 2020 and October 2021, Tymoshchuk was one of the administrators of Nefilim ransomware, a ransomware as a service (RaaS) enterprise that provided tools to affiliates in return for a percentage of the extortionate payments they collected.
Nefilim ransom notes typically threatened the victims that, unless they paid up, the stolen data would be published on the group's publicly accessible Corporate Leaks websites.
“Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay,” said Joseph Nocella, US attorney for the Eastern District of New York.
“For a time, the defendant stayed ahead of law enforcement by deploying new strains of malicious software when his old ones were decrypted. Today’s charges reflect international coordination to unmask and charge a dangerous and pervasive ransomware actor who can no longer remain anonymous.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employees
- Ransomware victims are refusing to play ball with hackers
- A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims
-
Enterprise AI adoption is about to get the Big Brother treatmentOpinion Worried your staff aren’t using those shiny AI tools you petitioned for? Big tech has you covered
-
Dreamforce 2025: What's an agentic OS?ITPro Podcast NPUs, e-ink, and immersive headsets are the latest hardware innovations for business devices
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
Cyber experts have been warning about AI-powered DDoS attacks – now they’re becoming a realityNews DDoS attackers are flocking to AI tools and solutions to power increasingly devastating attacks
-
Microsoft issues warning over “opportunistic” cyber criminals targeting big businessNews Microsoft has called on governments to do more to support organizations
-
Europol takes down SIM farm network that scammed thousands of victimsNews The sophisticated operation led to crimes from simple phishing to investment fraud
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thingNews A new report uncovers worrying complacency amongst IT and security leaders
-
Hackers stole source code, bug details in disastrous F5 security incident – here’s everything we know and how to protect yourselfNews CISA has warned the F5 security incident presents a serious threat to federal networks
