US Charges Ukrainian Ransomware Leader Targeting Hundreds Worldwide

Volodymyr Viktorovich Tymoshchuk, a Ukrainian national, has been charged by the U.S. Department of Justice for his role as the administrator of the ransomware variants LockerGoga, MegaCortex, and Nefilim, which targeted over 250 companies in the United States and hundreds more worldwide, causing millions to billions of dollars in damages. The ransomware attacks, occurring between December 2018 and October 2021, involved encrypting victim computer networks and demanding ransoms in exchange for decryption keys, severely disrupting business operations, including the notable 2019 Norsk Hydro attack. Tymoshchuk, also known by several aliases such as deadforz and Boba, is accused of continuously developing new ransomware strains to evade law enforcement efforts. The U.S. government has coordinated internationally to unmask and prosecute him and is offering up to $11 million through the State Department’s Transnational Organized Crime Rewards Program for information leading to his arrest. Authorities emphasize their commitment to protecting businesses from digital extortion and sabotage, pursuing criminals regardless of their location. Tymoshchuk remains at large, and the investigation continues with significant rewards to aid in his capture.