A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison.
43-year-old Oleksii Oleksiyovych Lytvynenko allegedly controlled data stolen from many of Conti victims and was involved in sending ransom notes as part of the cybercrime’s double extortion attacks between 2020 and June 2022.
Lytvynenko was arrested by the Irish national police (An Garda Síochána) in July 2023, at the request of the United States. An Irish court subsequently detained the defendant while awaiting extradition proceedings, which concluded this month.
According to court documents, Lytvynenko was involved in various other cybercrime schemes up until his arrest in Ireland in 2023, in addition to his involvement with Conti.
Lytvynenko could face up to 20 years in prison for wire fraud conspiracy and 5 years for computer fraud conspiracy if convicted..
The Russian-based Conti cybercrime gang launched this ransomware operation in 2020, replacing the Ryuk ransomware group. Over time, Conti evolved into a cybercrime syndicate, assuming control over the development of multiple malware operations, including TrickBot and BazarBackdoor.
While the group has shut down the ‘Conti’ brand, its members have split into smaller cells and infiltrated or taken over other ransomware or cybercrime operations, including BlackCat, Black Basta, ZEON, Hello Kitty, Hive, AvosLocker, Quantum, BlackByte, Karakurt, and the Bazarcall collective.
The Department of Justice has linked the Conti ransomware operation to over 1,000 victims worldwide and has received ransom payments of more than $150 million as of January 2022. Additionally, Conti’s malware was used in more critical infrastructure attacks than any other ransomware variant, according to FBI estimates.
“Lytvynenko conspired to deploy Conti ransomware against victims in the United States and across the globe, extorting millions in cryptocurrency and amassing a trove of stolen data,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division in a Thursday press release.
“The conspirators allegedly extorted more than $500,000 in cryptocurrency from two victims in the Middle District of Tennessee, and published information stolen from a third victim in that District,” the Justice Department added.
In September 2023, the U.S. and the United Kingdom also sanctioned and charged nine Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations for attacks against more than 900 victims worldwide.
Seven other TrickBot/Conti members were sanctioned in February 2023, following the leak of a massive trove of personal information and internal conversations belonging to Conti and TrickBot members, known as the ContiLeaks and TrickLeaks.
In May 2025, the Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) also doxed the leader of the Trickbot and Conti cybercrime gangs, claiming he is a 36-year-old Russian named Vitaly Nikolaevich Kovalev using the alias “Stern.”
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
