A Ukrainian man linked to one of the most destructive ransomware campaigns in recent years has now been singled out as a high-priority fugitive, and authorities across Europe and the United States are urging the public to come forward with information.
Investigators say Tymoshchuk Volodymyr Viktorovych, who also used the aliases Deadforz, Boba, Farnetwork, Msfv and Volotmsk, helped deploy the LockerGoga ransomware between 2018 and 2020.
During that period, hundreds of companies were targeted, with damages estimated at more than 18 billion dollars worldwide. Victims were often left with two choices including pay extortion demands or face business disruption.
Authorities describe Tymoshchuk as dangerous and connected to an organised crime network with specialists at every level. Investigators have mapped out the group, pointing to “malware developers, intrusion experts and money launderers” who converted ransom payments into usable funds. Several of his associates have already been arrested in Ukraine, but Tymoshchuk himself remains at large.
Profile on EU Most Wanted Portal
His profile is now featured on the EU Most Wanted portal, a platform to engage the public in tracking fugitives across Europe. Law enforcement agencies are calling for tips, while Europol continues to provide operational support to countries pursuing the case.
Tymoshchuk is described as 180 cm tall, with brown eyes, and fluent in Ukrainian. Born on October 2, 1996, he is wanted by France for computer-related crimes, extortion and racketeering. His profile was published on September 9, 2025, and remains active as the investigation continues.
LockerGoga, MegaCortex and Nefilim: US Charges Against Tymoshchuk
According to Europol’s press release, authorities have facilitated cooperation among agencies in France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the United Kingdom and the United States.
The US Department of Justice has even placed a reward of up to $11 million for the fugitive’s capture, highlighting how seriously authorities are treating the case. In fact, US prosecutors have gone further than their European counterparts by charging Tymoshchuk as an administrator not just of LockerGoga but also of the MegaCortex and Nefilim ransomware families.
According to the indictment, he and his associates ran campaigns between 2018 and 2021 that targeted more than 250 companies in the United States and many others abroad. The charges accuse him of coordinating breaches, deploying ransomware to cripple networks, and demanding payments under threats of leaking sensitive data.
