US Federal Authorities Indict Hacker Behind LockerGoga and MegaCortex Ransomware Attacks

State Department Offers Up to $10M for Information on Cybercriminal Volodymyr Tymoshchuk

Federal prosecutors announced the indictment of a hacker linked to the LockerGoga and MegaCortex ransomware strains, presenting a seven-count criminal case in U.S. federal court. The accused, Volodymyr Tymoshchuk, a 28-year-old Ukrainian national, has been identified as an administrator for these notorious ransomware operations.

Known in the cyber underworld by aliases such as “deadforz,” “Boba,” “msfv,” and “farnetwork,” Tymoshchuk is alleged to have orchestrated a campaign that extorted businesses globally using crypto-locking software and threats of data exposure from December 2018 to at least October 2021. The operation reportedly targeted hundreds of entities, with over 250 companies identified in the U.S. Among the victims were cloud hosting provider iNSYNQ and chemical manufacturer Hexion.

In September 2022, an international police operation effectively disabled the LockerGoga and MegaCortex ransomware by releasing decryption keys. This operation was pivotal in helping victims recover their data without having to pay ransom demands. A notable incident involved Norsk Hydro, a major Norwegian aluminum producer, which, after refusing to pay a ransom, estimated the total recovery costs from an attack in March 2019 could reach $71 million.

Tymoshchuk is also implicated in the Nefilim ransomware operation, having joined the group around July 2020. His indictment additionally names Artem Stryzhak, another Ukrainian national, as a collaborator who retained 80% of the extorted funds. Stryzhak is currently facing extradition after his arrest in Spain in April. The Nefilim group has gained notoriety for previous high-profile attacks, including those against Whirlpool and against unpatched Citrix gateways.

The U.S. Department of State is currently offering a reward of up to $10 million for information that leads to Tymoshchuk’s capture and an additional $1 million for information leading to the convictions of other affiliates involved in the Nefilim, LockerGoga, and MegaCortex operations.
