
Ukrainian Ransomware Administrator Charged over LockerGoga, MegaCortex & Nefilim Attacks

  • Writer: OpusDatum
  • 5 days ago

A Ukrainian national has been charged in New York for serving as an administrator in three notorious ransomware schemes — LockerGoga, MegaCortex and Nefilim — that targeted hundreds of companies worldwide and caused millions in financial losses.


Volodymyr Viktorovich Tymoshchuk, known online as deadforz, Boba, msfv and farnetwork, is accused of orchestrating ransomware campaigns that crippled businesses across the United States, France, Germany, the Netherlands, Norway and Switzerland. According to the indictment, Tymoshchuk and his co-conspirators encrypted corporate networks and demanded ransom payments in exchange for decryption keys. Victims included blue-chip American companies, health care institutions and foreign industrial firms.


Between 2019 and 2020, Tymoshchuk allegedly used LockerGoga and MegaCortex to compromise more than 250 companies in the United States and hundreds more internationally. Many attacks were foiled after law enforcement warned victims before ransomware could be deployed. From 2020 to 2021, he allegedly acted as an administrator of the Nefilim strain, granting affiliates access in return for 20 percent of ransom proceeds.


The Justice Department highlighted that these attacks not only caused significant disruption to business operations but also inflicted severe costs in remediation and recovery. Officials stressed that Tymoshchuk repeatedly sought to extort companies by threatening to leak sensitive data if payments were not made.


A major breakthrough came in September 2022, when law enforcement and private-sector partners released free decryption keys for LockerGoga and MegaCortex through the No More Ransomware Project. This enabled many victims to restore access to their systems without paying ransoms.


Tymoshchuk faces multiple charges including conspiracy to commit fraud, intentional damage to protected computers, unauthorised access, and transmitting threats to disclose confidential information. If convicted, he faces a lengthy prison term.


The FBI is leading the investigation with support from international partners including Europol, Eurojust and law enforcement agencies across Europe. The US State Department has announced a reward of up to 11 million dollars for information leading to the arrest or conviction of Tymoshchuk or his co-conspirators under the Transnational Organized Crime Rewards Program.


Read the press release here.
