A 35-year-old Ukrainian national, Artem Aleksandrovych Stryzhak, has pleaded guilty to a series of ransomware attacks that targeted organizations in the United States and Europe from 2018 through 2021. Stryzhak faces up to 10 years in prison for conspiracy to commit fraud, including extortion.
Stryzhak was arrested in Spain in June 2024 and extradited to the United States in April 2025. U.S. authorities are still seeking his alleged co-conspirator, Volodymyr Tymoshchuk, offering an $11 million reward for information leading to his arrest or conviction. Tymoshchuk is believed to have acted as an administrator of the Nefilim ransomware group and is associated with multiple ransomware strains.
According to prosecutors, Stryzhak and his co-conspirators used Nefilim ransomware to target high-revenue companies, steal sensitive data, and demand ransom payments. The group customized ransomware executables for each victim, generating unique decryption keys and personalized ransom notes.
Victims spanned multiple industries and countries, including engineering, aviation, chemicals, insurance, construction, pet care, eyewear, and oil and gas sectors in the U.S., as well as companies in Germany, the Netherlands, Norway, and Switzerland. The group primarily focused on organizations with annual revenues exceeding $100 million, using stolen data as leverage to pressure payments.
Authorities stated that Stryzhak gained access to the Nefilim ransomware code in June 2021, agreeing to contribute 20% of ransom proceeds to the operation. Officials estimate that the attacks caused millions of dollars in financial losses and network disruption.
Joseph Nocella, U.S. Attorney for the Eastern District of New York, highlighted the ongoing pursuit of Tymoshchuk: “We remain determined to capture Stryzhak’s codefendant and partner in crime, and bring him to justice in a U.S. courtroom.”
FBI Special Agent Christopher Johnson emphasized the agency’s commitment to tracking cybercriminals across borders: “Cybercriminals may hide behind screens, but they leave digital footprints everywhere. The FBI follows these trails relentlessly until those responsible are held accountable.”
Stryzhak’s plea marks a significant step in the U.S. effort to combat ransomware attacks linked to international criminal networks, but authorities caution that investigations are ongoing to apprehend remaining perpetrators.
