Authorities Arrested Admins Of “LockerGoga,” “MegaCortex,” And “Nefilim” Ransomware Gangs

The U.S. District Court for the Eastern District of New York has unsealed a superseding indictment against a Ukrainian national, charging him over his alleged role as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware operations.

The schemes reportedly extorted over 250 companies in the United States and hundreds more across the globe, causing millions of dollars in damages.

The defendant, Volodymyr Viktorovich Tymoshchuk, also known by aliases such as “deadforz,” “Boba,” “msfv,” and “farnetwork,” is facing multiple charges for his involvement in these widespread cyberattacks.

“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” stated Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.

He added that the attacks sometimes led to the complete disruption of business operations until the victims could recover or restore their encrypted data.

According to the indictment, between December 2018 and October 2021, Tymoshchuk and his co-conspirators deployed the LockerGoga, MegaCortex, and Nefilim ransomware variants to encrypt computer networks in the U.S., France, Germany, the Netherlands, Norway, and Switzerland.

The attackers customized the ransomware for each victim, ensuring that the decryption key was unique. If a victim paid the ransom, they would receive a tool to unlock their files.

“Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay,” said U.S. Attorney Joseph Nocella Jr. for the Eastern District of New York.

From July 2019 to June 2020, the group allegedly compromised the networks of hundreds of companies with LockerGoga and MegaCortex.

However, law enforcement successfully thwarted many of these attacks by notifying victims before the ransomware could be fully deployed.

Following the initial wave of attacks, Tymoshchuk is alleged to have become an administrator for the Nefilim ransomware from July 2020 to October 2021.

He and other administrators provided the ransomware to affiliates, including co-defendant Artem Stryzhak, in exchange for a 20% cut of the ransom proceeds.

Stryzhak was previously extradited from Spain and faces charges in the same district. The charges against Tymoshchuk include conspiracy to commit computer fraud, intentional damage to a protected computer, and transmitting threats to disclose confidential information.

The investigation, led by the FBI, is part of a broader international effort involving authorities in France, the Czech Republic, Germany, Lithuania, Luxembourg, the Netherlands, Norway, Switzerland, and Ukraine, with support from Europol and Eurojust.

In a significant blow to the ransomware groups, decryption keys for LockerGoga and MegaCortex were released to the public in September 2022 through the “No More Ransomware Project,” allowing victims to recover their data without paying a ransom.

Concurrent with the indictment, the U.S. Department of State’s Transnational Organized Crime Rewards Program is offering a reward of up to $11 million for information leading to the arrest, conviction, or location of Tymoshchuk or his conspirators.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.