Source: United States Department of Justice
A Ukrainian national pleaded guilty today to one count of conspiracy to commit computer fraud for his role in a series of international ransomware attacks.
According to court documents, Artem Aleksandrovych Stryzhak, 35, of Barcelona, Spain, conspired with others to deploy the Nefilim ransomware against victim computer networks in the United States and other countries, causing significant damage to victim computer systems. As part of the scheme, the conspirators generated a unique ransomware executable file for each victim, along with a corresponding decryption key and customized ransom note. If a victim paid the ransom demand, the perpetrators provided the decryption key, enabling the victim to decrypt files locked by the ransomware.
In June 2021, Nefilim administrators gave Stryzhak access to the Nefilim ransomware code in exchange for 20 percent of his ransom proceeds. Stryzhak operated the ransomware through his account on the online Nefilim platform, known as the “panel.” Shortly after gaining access, Stryzhak asked a co‑conspirator whether he should choose a different username than one he used in other criminal activity, in case the panel “gets hacked into by the feds.”
Nefilim administrators preferred to target companies located in the United States, Canada, or Australia with annual revenues exceeding $100 million. Stryzhak and others researched potential victims after gaining unauthorized access to their networks, including by using online databases to obtain information about the companies’ net worth, size, and contact information. In or about July 2021, a Nefilim administrator encouraged Stryzhak to target companies in those countries with more than $200 million dollars in annual revenue.
As part of the extortion scheme, the conspirators threatened that unless victims agreed to pay the ransom, the stolen data would be published on publicly accessible “Corporate Leaks” websites maintained by Nefilim administrators.
Stryzhak was arrested in Spain in June 2024 and extradited to the United States on April 30.
Stryzhak pleaded guilty to conspiracy to commit fraud related to computers in connection with his Nefilim ransomware activities. He is scheduled to be sentenced on May 6, 2026. The defendant faces a maximum penalty of 10 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program has offered a reward of up to $11 million for information leading to the arrest and/or conviction or location of Stryzhak’s charged co-conspirator, Volodymyr Tymoshchuk. Anyone with information about Tymoshchuk should contact the FBI via phone at +1-917-242-1407, by email at TymoTips@fbi.gov, by contacting your local field office, if in the United States, or by contacting the nearest U.S. Embassy, if located overseas. More information about the TOC reward offer is located on the State Department website.
The FBI Springfield Field Office in Illinois is investigating the case.
Trial Attorney Brian Z. Mund of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Alexander F. Mindlin and Ellen H. Sise for the Eastern District of New York are prosecuting the case, with assistance from Paralegal Specialist Rebecca Roth of the Eastern District of New York. The Criminal Division’s Office of International Affairs, the FBI’s New York Field Office, and Spanish law enforcement authorities provided substantial assistance in this case.
CCIPS investigates and prosecutes cybercrime in coordination with domestic and international law enforcement agencies, often with assistance from the private sector. Since 2020, CCIPS has secured the conviction of over 180 cybercriminals, and court orders for the return of over $350 million in victim funds.