
The U.S. Department of Justice (DOJ) has unsealed a superseding indictment charging a key LockerGoga ransomware administrator in connection with a series of cyberattacks involving the LockerGoga, MegaCortex, and Nefilim ransomware variants, which caused millions of dollars in damages to hundreds of companies worldwide.
According to the indictment, Ukrainian national Volodymyr Viktorovich Tymoshchuk, also known as deadforz, Boba, msfv, and farnetwork, was involved in ransomware schemes that targeted more than 250 U.S. companies and hundreds more globally between December 2018 and October 2021.
The attacks resulted in significant financial losses from system remediation, operational disruption, and ransom payments. MegaCortex and LockerGoga ransomware attacks were often thwarted by proactive law enforcement notifications to victims before the ransomware could be fully deployed.
The indictment further alleges that Tymoshchuk was an administrator for the Nefilim ransomware strain and provided other affiliates, including co-defendant Artem Stryzhak, with access to the malware in exchange for a 20% share of the ransom proceeds. Stryzhak was extradited from Spain and faces charges in the U.S.
Tymoshchuk faces multiple counts, including conspiracy to commit computer fraud, intentional damage to a protected computer, and transmitting threats.
“Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay,” said U.S. Attorney Joseph Nocella Jr. for the Eastern District of New York.
“For a time, the defendant stayed ahead of law enforcement by deploying new strains of malicious software when his old ones were decrypted.”
This DOJ cybercrime prosecution is the result of extensive international cooperation between the FBI and law enforcement agencies in several European countries, supported by Europol and Eurojust.
As part of this coordinated effort, decryption keys for LockerGoga and MegaCortex were released in September 2022 through the "No More Ransom Project," allowing victims to recover their data without paying a ransom.
The U.S. Department of State has also announced a reward of up to $11 million for information leading to Tymoshchuk's arrest or conviction.
In July, a Chinese state-sponsored hacker was arrested for the HAFNIUM intrusion campaign, while an alleged Scattered Spider member pleaded guilty in April.