Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Ukrainian ransomware administrator Volodymyr Tymoshchuk indicted for global cyberattacks

Prosecutors say Tymoshchuk customized malware to lock networks and collected a share of ransom proceeds.

byAytun Çelebi
September 12, 2025
in Cybersecurity

The U.S. District Court for the Eastern District of New York has unsealed an indictment against Volodymyr Viktorovich Tymoshchuk, a Ukrainian national, for his alleged role as administrator in multiple ransomware schemes. Tymoshchuk, operating under aliases including deadforz, Boba, msfv, and farnetwork, faces charges related to LockerGoga, MegaCortex, and Nefilim ransomware operations that targeted hundreds of companies worldwide.

Volodymyr Tymoshchuk ransomware operations targeted 250 US companies and hundreds globally

According to court documents, Tymoshchuk allegedly utilized LockerGoga, MegaCortex, and Nefilim ransomware variants between December 2018 and October 2021 to encrypt computer networks across multiple countries. The affected locations include the Eastern District of New York, other U.S. regions, France, Germany, the Netherlands, Norway, and Switzerland.

Between July 2019 and June 2020, Tymoshchuk and co-conspirators allegedly compromised over 250 victim companies in the United States and hundreds more worldwide using LockerGoga and MegaCortex ransomware variants.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Custom ransomware executable files ensured victim dependency

The attacks involved customizing ransomware executable files for each specific victim, generating unique decryption keys tailored to individual networks. This customization ensured only the perpetrators possessed the means to unlock encrypted files.

Standard decryption tools proved ineffective against these customized attacks. Only decryption tools provided by Tymoshchuk or other operation members could restore compromised data, effectively holding victim data hostage until ransom demands were met.

Law enforcement intervention prevented many attacks

Despite the extensive targeting, many extortion attempts failed because law enforcement notified victims that their networks had been compromised before ransomware deployment. This early intervention prevented data encryption and limited attack success rates.

Acting Assistant Attorney General Matthew R. Galeotti noted that “In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored.”

Nefilim ransomware administrator role revealed

From July 2020 through October 2021, Tymoshchuk allegedly served as one of the Nefilim ransomware strain administrators. In this role, he provided ransomware access to other affiliates, including co-defendant Artem Stryzhak, who was extradited from Spain.

In exchange for providing Nefilim ransomware access, Tymoshchuk and other administrators received 20 percent of ransom proceeds from victims, illustrating the hierarchical structure and financial incentives driving the scheme.

International cooperation leads to decryption key release

In September 2022, an international coordinated effort against LockerGoga and MegaCortex ransomware resulted in the release of decryption keys through the “No More Ransomware Project.” This initiative enabled victims to decrypt compromised computers without paying ransoms.

The decryption key release significantly reduced these ransomware strains’ effectiveness and provided relief to numerous victims previously held hostage by the cyberattacks.

How to report ransomware attacks and suspicious activity

Organizations and individuals can report ransomware attacks or provide information about these cybercriminals:

  • Contact the FBI directly at +1-917-242-1407,
  • Email information to [email protected],
  • Contact your local FBI field office if in the United States,
  • Visit the nearest U.S. embassy if outside the United States,
  • Report attacks immediately to help dismantle ransomware networks.

$11 million reward offered for arrest information

The U.S. Department of State’s Transnational Organized Crime Rewards Program offers up to $11 million for information leading to Tymoshchuk’s arrest and conviction or location. This reward program incentivizes individuals with knowledge of the ransomware operation to provide assistance.

Tymoshchuk faces multiple charges including conspiracy to commit fraud, intentional damage to protected computers, unauthorized access, and transmitting threats to disclose confidential information. The FBI continues investigating this case with international cooperation from authorities in France, Czech Republic, Germany, Lithuania, Luxembourg, Netherlands, Norway, Switzerland, Ukraine, Europol, and Eurojust.


Featured image credit

Tags: CybersecurityVolodymyr Tymoshchuk

Related Posts

Google’s Live Threat Detection is reportedly coming to more Android phones

Google’s Live Threat Detection is reportedly coming to more Android phones

October 23, 2025
Meta’s latest update focuses on protecting older users from scams

Meta’s latest update focuses on protecting older users from scams

October 22, 2025
US judge bans NSO Group from targeting WhatsApp users with Pegasus spyware

US judge bans NSO Group from targeting WhatsApp users with Pegasus spyware

October 21, 2025
AWS outage: A complete list of every site and app that went down

AWS outage: A complete list of every site and app that went down

October 20, 2025
Windows 11’s new security patch is a system-breaking disaster, fix it now

Windows 11’s new security patch is a system-breaking disaster, fix it now

October 20, 2025
Discord confirms support vendor hack exposing user data and government IDs

Discord confirms support vendor hack exposing user data and government IDs

October 20, 2025

LATEST NEWS

Is ChatGPT down again? Reports indicate ongoing outage

Path of Exile: Keepers of the Flame will be the Breach 2.0!

Google Meet now lets you move people in and out of meetings like a lobby

Sam Altman: AI will cause “strange or scary moments”

Anthropic gives Claude a real memory and lets users edit it directly

Nissan’s Sakura EV gets a solar roof that adds 1,800 miles a year

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.