Press Release
Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware
For Immediate Release
U.S. Attorney's Office, Eastern District of New York
Global Ransomware Actor Targeted Large U.S. Companies; $11 Million Reward for Fugitive Co-Conspirator
Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks. Stryzhak, a Ukrainian citizen, was arrested in Spain in June 2024 and extradited to the United States on April 30, 2025. When sentenced, Stryzhak faces up to 10 years’ imprisonment. His co-conspirator, Volodymyr Tymoshchuk, remains at large and is the subject of an $11 million reward offered by the United States Department of State.
Joseph Nocella, Jr., United States Attorney for the Eastern District of New York, Matthew R. Galeotti, Acting Assistant Attorney General of the Justice Department’s Criminal Division, and Christopher J.S. Johnson, Special Agent in Charge, Federal Bureau of Investigation, Springfield, Illinois Field Office (FBI), announced the guilty plea.
“The defendant used Nefilim ransomware to target high-revenue companies in the United States, steal data, and extort victims,” stated United States Attorney Nocella. “The defendant’s conviction demonstrates that our Office will ensure that criminals are held accountable for the cyber havoc they wreak on society. We remain determined to capture Stryzhak’s codefendant and partner in crime, Volodymyr Tymoshchuk, and bring him to justice in a U.S. courtroom.”
Mr. Nocella expressed his appreciation to the FBI’s New York Field Office for their significant contributions to the investigation. Mr. Nocella also thanked the Justice Department’s Office of International Affairs and Computer Crime and Intellectual Property Section, as well as Spanish law enforcement authorities, for their assistance in the capture of Stryzhak.
“Cybercriminals may hide behind screens, but they leave digital footprints everywhere,” stated FBI Springfield Special Agent in Charge Johnson. “The FBI follows these digital trails relentlessly - across networks, borders, and time - until those responsible are held accountable. Today is a remarkable accomplishment, but we will not stop until we have captured all those responsible for the Nefilim ransomware.”
Nefilim ransomware was deployed to encrypt computer networks in countries around the world, including in the Eastern District of New York. These ransomware attacks caused millions of dollars in losses, both from ransomware payments and damage to victim computer systems. The perpetrators of Nefilim typically customized the ransomware executable file for each victim, creating a unique decryption key and customized ransom notes.
In June 2021, Nefilim administrators gave Stryzhak access to the Nefilim ransomware code in exchange for 20 percent of his ransom proceeds. He operated the ransomware through his account on an online platform operated by Nefilim administrators.
Nefilim’s preferred ransomware targets were companies located in the United States, Canada, or Australia with more than $100 million in annual revenue. Stryzhak and others researched the companies to which they gained unauthorized access, including by using online databases to gather information about the victim companies’ net worth, size, and contact information.
After gaining access to the victims’ networks, Stryzhak and his co‑conspirators stole data in furtherance of their scheme to extort ransom payments from them. Nefilim ransom notes typically threatened the victims that unless they came to an agreement with the ransomware actors, the stolen data would be published on publicly accessible “Corporate Leaks” websites, which were maintained by Nefilim administrators.
Stryzhak’s co-defendant, Volodymyr Tymoshchuk, was an administrator of the Nefilim ransomware group, and a serial cybercriminal associated with multiple ransomware strains. The State Department is offering a reward of up to $11 million for information leading to the arrest and/or conviction or location of Tymoshchuk or his other co-conspirators. Anyone with information on these malicious cyber actors or associated individuals or entities should contact the FBI via phone at +1-917-242-1407 or by email at TymoTips@fbi.gov. If you are in the United States, you can also contact the local FBI field office. If outside the United States, you can visit the nearest U.S. embassy. More information about this TOC reward offer is located on the State Department website.
The government’s case is being handled by the Office’s National Security and Cybercrime Section. Assistant United States Attorneys Alexander F. Mindlin and Ellen H. Sise and Trial Attorney Brian Mund of the Computer Crime and Intellectual Property Section are in charge of the prosecution, with assistance from Paralegal Specialist Rebecca Roth.
The Defendant:
ARTEM ALEKSANDROVYCH STRYZHAK
Age: 35
Barcelona, Spain
E.D.N.Y. Docket No. 23-CR-324 (PKC)
Contact
John Marzulli
Denise Taylor
United States Attorney’s Office
(718) 254-6323
Updated December 19, 2025