Unsealed by the U.S. District Court for the Eastern District of New York, the indictment details a complex operation that conducted attacks on more than 250 companies in the U.S. and hundreds more globally, including critical infrastructure, healthcare, and major industrial targets.
Tymoshchuk allegedly served as an administrator for all three ransomware operations between December 2018 and October 2021, overseeing a wave of attacks that encrypted vast segments of victim networks in the United States, France, Germany, the Netherlands, Norway, Switzerland, and beyond.
The campaigns disrupted business operations, locked sensitive data, and forced victims to pay ransoms for decryption—sometimes under threat of sensitive data leaks if demands were not met.
While many attacks resulted in significant financial and operational damage, proactive measures by law enforcement often disrupted their plans.
Authorities frequently warned targeted companies before the ransomware could be deployed, reducing the impact of numerous attempted extortions.
In a further blow to the attacker’s operations, law enforcement and security researchers published decryption keys for LockerGoga and MegaCortex variants in 2022, allowing past victims to recover data without succumbing to ransom demands.
From July 2020 to October 2021, Tymoshchuk managed Nefilim ransomware, providing the malicious software to affiliates in exchange for a cut of up to 20% of the ransom proceeds.
This affiliate model empowered other criminals and expanded the scope of Nefilim attacks worldwide. Among his co-conspirators is Artem Stryzhak—extradited from Spain and charged alongside Tymoshchuk in the same U.S. court.
Tymoshchuk faces a total of seven counts, including conspiracy to commit computer fraud, intentional damage to protected computers, unauthorized access, and threats to disclose confidential data.
The investigation is led by the FBI, in conjunction with counterparts in France, Germany, several European nations, and international bodies Europol and Eurojust.
The U.S. State Department has announced a reward of up to $11 million for information leading to the arrest or conviction of Tymoshchuk or his associates, signaling a continued global manhunt for remaining fugitives.
This landmark prosecution is another reminder that international cooperation can unmask and disrupt sophisticated ransomware gangs, holding cybercriminals accountable regardless of geography.
The Justice Department encourages organizations to report attacks, as every tip strengthens the defense against ransomware’s global threat.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
The post Authorities Arrest Admins Behind LockerGoga, MegaCortex, and Nefilim Ransomware appeared first on Cyber Security News.
The casting search for the next actor to play James Bond is officially underway. Amazon…
I can think of few activities I'd enjoy more than playing a video game on…
The list of nominees for the 2026 Will Eisner Comic Industry Awards has been revealed.…
A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have…
A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have…
Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an…
This website uses cookies.