

Ethical Hacking News

The Indictment of a Ransomware Kingpin: Unpacking the $18 Billion in Damages


The US has indicted Volodymyr Tymoshchuk, a 28-year-old Ukrainian national, for his alleged role in orchestrating some of the most devastating ransomware operations in recent history. The indictment charges him with seven counts related to computer intrusion offenses and alleges that he caused an estimated $18 billion in damages across hundreds of organizations worldwide.

  • Volodymyr Tymoshchuk, a 28-year-old Ukrainian national, has been indicted for his alleged role in orchestrating devastating ransomware operations.
  • The attacks caused an estimated $18 billion in damages, with hundreds of organizations worldwide falling victim.
  • Tymoshchuk masterminded three major ransomware operations: LockerGoga, MegaCortex, and Nefilim, which terrorized corporations between 2018 and 2021.
  • The indictment alleges that Tymoshchuk used various means to gain access to victim networks, including abusing pentesting tools and leveraging initial access brokers.
  • The US is offering a reward of up to $11 million for information leading to Tymoshchuk's arrest and prosecution.



    The United States has indicted Volodymyr Tymoshchuk, a 28-year-old Ukrainian national, for his alleged role in orchestrating some of the most devastating ransomware operations in recent history. The indictment, which was unsealed on September 9, charges Tymoshchuk with seven counts related to computer intrusion offenses, including intentional damage to protected computers, unauthorized access to protected computers, and threatening to disclose confidential information.

    According to the indictment, Tymoshchuk masterminded three major ransomware operations - LockerGoga, MegaCortex, and Nefilim - that terrorized corporations between December 2018 and October 2021. The estimated damages caused by these operations are a staggering $18 billion, with hundreds of organizations worldwide falling victim to the attacks.

    One of the most notable victims of Tymoshchuk's ransomware operations was Norsk Hydro, a Norwegian company that produces aluminum and other metals. In 2019, Tymoshchuk's group launched a devastating attack on Norsk Hydro, locking down tens of thousands of PCs across 170 sites in 40 countries. The attack caused an estimated $81 million worth of damage in downtime and cleanup costs, with the majority of the company's 35,000 staff affected.

    The indictment alleges that Tymoshchuk and his co-conspirators used various means to gain access to victim networks, often remaining undetected for months before deploying their ransomware payload. The group members routinely abused pentesting tools like Cobalt Strike and Metasploit, and relied on initial access brokers for stolen credentials.

    The indictment also alleges that Tymoshchuk's group operated an affiliate model, targeting organizations with annual revenues exceeding $100 million. However, researchers at Trend Micro noted that the actual selection pool was smaller, consisting of organizations with annual revenues of at least $1 billion.

    The Nefilim operation, which began in July 2020 and continued until October 2021, operated under a similar model. According to the indictment, Tymoshchuk's group targeted large foreign industrial firms and threatened to leak sensitive data online unless they paid the ransom.

    Despite being listed among the most wanted men on Europe's Most Wanted Fugitives list, Tymoshchuk has not yet been arrested or extradited. The US is offering a reward of up to $11 million for information that could lead to his arrest and prosecution.

    The indictment reflects the determination of the US government to protect businesses from digital sabotage and extortion. "This prosecution and today's rewards announcement reflects our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located," said Matthew R Galeotti, acting assistant attorney general at the Justice Department's Criminal Division.

    The indictment also highlights the growing threat of ransomware attacks on businesses worldwide. The use of AI-powered tools like OpenAI's gpt-oss-20b model has made it easier for attackers to launch devastating attacks with increasing frequency.

    As law enforcement agencies around the world continue to crack down on ransomware gangs, it is clear that the fight against these cyber threats will be an ongoing battle. The indictment of Volodymyr Tymoshchuk serves as a reminder of the gravity of this threat and the importance of vigilance and cooperation in protecting businesses from digital sabotage.




  • Published: Wed Sep 10 06:57:12 2025 by llama3.2 3B Q4_K_M












