Conti Ransomware Suspect Extradited from Ireland to the US to Face Charges
Published
- Extradition confirmed: A Ukrainian national has been extradited from Ireland to the U.S. to face charges for his alleged role in the Conti ransomware conspiracy.
- Massive Global Impact: The Conti ransomware variant targeted over 1,000 victims worldwide, extorting at least $150 million in ransom payments as of January 2022.
- Serious Charges: The individual is charged with computer fraud conspiracy and wire fraud conspiracy, facing a maximum of 5 and 20 years in prison, respectively.
A Ukrainian national, Oleksii Oleksiyovych Lytvynenko, 43, has been extradited from Ireland to the United States to face charges related to his alleged involvement with the prolific Conti ransomware group. Lytvynenko is accused of conspiring with others between 2020 and June 2022 to deploy the Conti variant against numerous victims.
This extradition marks a significant step in the international effort to dismantle major cybercrime operations.
The Scale and Impact of Conti Ransomware Attacks
According to a 2023 indictment, the Ukrainian national charged is alleged to have controlled data stolen from victims and participated in deploying ransom notes on compromised systems.
“The defendant allegedly participated in a conspiracy to extort approximately $150 million in ransomware payments responsible for defrauding victims in almost every U.S. state and from over 24 countries worldwide,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division.
“Lytvynenko conspired to deploy Conti ransomware against victims in the U.S. and across the globe, extorting millions in cryptocurrency and amassing a trove of stolen data,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division.
The Conti ransomware operation was one of the most destructive of its time, responsible for attacks on more than 1,000 entities across the globe. Victims were located in approximately 47 U.S. states and 31 foreign countries. In 2021, Conti was identified as the most active ransomware variant targeting critical infrastructure.
The conspiracy allegedly extorted over $500,000 in cryptocurrency from just two victims in the Middle District of Tennessee, where the case is being prosecuted.
International Cooperation Leads to Cybercrime Prosecution
Lytvynenko’s arrest and extradition highlight the crucial role of international law enforcement cooperation in cybercrime prosecution. He was arrested in Cork, Ireland, in July 2023 by An Garda Síochána at the request of the U.S.
Following his arrest, he was detained pending extradition proceedings that concluded this month. Lytvynenko now faces charges of computer fraud conspiracy and wire fraud conspiracy.
In June, hackers published photos and details of 12 cybercriminals connected to Conti and Trickbot ransomware. In December 2024, notorious Russian hacker Mikhail Pavlovich Matveev was apprehended for connections to Conti, LockBit, Hive, and other ransomware.
In September 2023, authorities unsealed an indictment charging four other Conti conspirators, when a federal grand jury returned an indictment charging Trickbot-connected Russian nationals, with the first four also linked to Conti:
- Maksim Galochkin, aka Bentley;
- Maksim Rudenskiy, aka Buza;
- Mikhail Mikhailovich Tsarev, aka Mango;
- Andrey Yuryevich Zhuykov, aka Defender;
- Dmitry Putilin, aka Grad and Staff;
- Sergey Loguntsov, aka Begemot and Zulas;
- Max Mikhaylov, aka Baget;
- Valentin Karyagin, aka Globus;
- Maksim Khaliullin, aka Maxfax, Maxhax, and Kagas.
U.S. authorities emphasized their commitment to pursuing ransomware actors globally and holding them accountable for the extensive damage inflicted upon victims.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular