Ukrainian ransomware administrator Volodymyr Tymoshchuk indicted for global cyberattacks
The U.S. District Court for the Eastern District of New York has unsealed an indictment against Volodymyr Viktorovich Tymoshchuk, a Ukrainian national, for his alleged role as administrator in multiple ransomware schemes. Tymoshchuk, operating under aliases including deadforz, Boba, msfv, and farnetwork, faces charges related to LockerGoga, MegaCortex, and Nefilim ransomware operations that targeted hundreds of companies worldwide.
Volodymyr Tymoshchuk ransomware operations targeted 250 US companies and hundreds globally
According to court documents, Tymoshchuk allegedly utilized LockerGoga, MegaCortex, and Nefilim ransomware variants between December 2018 and October 2021 to encrypt computer networks across multiple countries. The affected locations include the Eastern District of New York, other U.S. regions, France, Germany, the Netherlands, Norway, and Switzerland.
Between July 2019 and June 2020, Tymoshchuk and co-conspirators allegedly compromised over 250 victim companies in the United States and hundreds more worldwide using LockerGoga and MegaCortex ransomware variants.
Custom ransomware executable files ensured victim dependency
The attacks involved customizing ransomware executable files for each specific victim, generating unique decryption keys tailored to individual networks. This customization ensured only the perpetrators possessed the means to unlock encrypted files.
Standard decryption tools proved ineffective against these customized attacks. Only decryption tools provided by Tymoshchuk or other operation members could restore compromised data, effectively holding victim data hostage until ransom demands were met.
Law enforcement intervention prevented many attacks
Despite the extensive targeting, many extortion attempts failed because law enforcement notified victims that their networks had been compromised before ransomware deployment. This early intervention prevented data encryption and limited attack success rates.
Acting Assistant Attorney General Matthew R. Galeotti noted that “In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored.”
Nefilim ransomware administrator role revealed
From July 2020 through October 2021, Tymoshchuk allegedly served as one of the Nefilim ransomware strain administrators. In this role, he provided ransomware access to other affiliates, including co-defendant Artem Stryzhak, who was extradited from Spain.
In exchange for providing Nefilim ransomware access, Tymoshchuk and other administrators received 20 percent of ransom proceeds from victims, illustrating the hierarchical structure and financial incentives driving the scheme.
International cooperation leads to decryption key release
In September 2022, an international coordinated effort against LockerGoga and MegaCortex ransomware resulted in the release of decryption keys through the “No More Ransomware Project.” This initiative enabled victims to decrypt compromised computers without paying ransoms.
The decryption key release significantly reduced these ransomware strains’ effectiveness and provided relief to numerous victims previously held hostage by the cyberattacks.
How to report ransomware attacks and suspicious activity
Organizations and individuals can report ransomware attacks or provide information about these cybercriminals:
- Contact the FBI directly at +1-917-242-1407,
- Email information to TymoTips@fbi.gov,
- Contact your local FBI field office if in the United States,
- Visit the nearest U.S. embassy if outside the United States,
- Report attacks immediately to help dismantle ransomware networks.
$11 million reward offered for arrest information
The U.S. Department of State’s Transnational Organized Crime Rewards Program offers up to $11 million for information leading to Tymoshchuk’s arrest and conviction or location. This reward program incentivizes individuals with knowledge of the ransomware operation to provide assistance.
Tymoshchuk faces multiple charges including conspiracy to commit fraud, intentional damage to protected computers, unauthorized access, and transmitting threats to disclose confidential information. The FBI continues investigating this case with international cooperation from authorities in France, Czech Republic, Germany, Lithuania, Luxembourg, Netherlands, Norway, Switzerland, Ukraine, Europol, and Eurojust.
Featured image credit
FAQs
Frequently Asked Questions
What is a Premium Domain Name? A premium domain name is the digital equivalent of prime real estate. It’s a short, catchy, and highly desirable web address that can significantly boost your brand's impact. These exclusive domains are already owned but available for purchase, offering you a shortcut to a powerful online presence. Why Choose a Premium Domain? Instant Brand Boost: Premium domains are like instant credibility boosters. They command attention, inspire trust, and make your business look established from day one. Memorable and Magnetic: Short, sweet, and unforgettable - these domains stick in people's minds. This means more visitors, better recall, and ultimately, more business. Outshine the Competition: In a crowded digital world, a premium domain is your secret weapon. Stand out, get noticed, and leave a lasting impression. Smart Investment: Premium domains often appreciate in value, just like a well-chosen piece of property. Own a piece of the digital world that could pay dividends. What Sets Premium Domains Apart? Unlike ordinary domain names, premium domains are carefully crafted to be exceptional. They are shorter, more memorable, and often include valuable keywords. Plus, they often come with a built-in advantage: established online presence and search engine visibility. How Much Does a Premium Domain Cost? The price tag for a premium domain depends on its desirability. While they cost more than standard domains, the investment can be game-changing. Think of it as an upfront cost for a long-term return. BrandBucket offers transparent pricing, so you know exactly what you're getting. Premium Domains: Worth the Investment? Absolutely! A premium domain is more than just a website address; it's a strategic asset. By choosing the right premium domain, you're investing in your brand's future and setting yourself up for long-term success. What Are the Costs Associated with a Premium Domain? While the initial purchase price of a premium domain is typically higher than a standard domain, the annual renewal fees are usually the same. Additionally, you may incur transfer fees if you decide to sell or move the domain to a different registrar. Can I Negotiate the Price of a Premium Domain?
In some cases, it may be possible to negotiate the price of a premium domain. However, the success of negotiations depends on factors such as the domain's demand, the seller's willingness to negotiate, and the overall market conditions. At BrandBucket, we offer transparent, upfront pricing, but if you see a name that you like and wish to discuss price, please reach out to our sales team.
How Do I Transfer a Premium Domain?
Transferring a premium domain involves a few steps, including unlocking the domain, obtaining an authorization code from the current registrar, and initiating the transfer with the new registrar. Many domain name marketplaces, including BrandBucket, offer assistance with the transfer process.
