A Ukrainian national has pleaded guilty to multiple crimes due to his involvement in a string of ransomware attacks targeting firms in the United States and Europe. Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, was accused of targeting these organizations from 2018 to late 2021.
According to reports, the Ukrainian could face up to 10 years in prison for conspiracy to commit fraud, including extortion. The Ukrainian was arrested in Spain in June 2024 and was subsequently extradited to the United States in April.
Authorities are still on the lookout for his co-conspirator, Volodymyr Tymoshchuk, who now has a bounty of $11 million for any information leading to his arrest.
Ukrainian pleads guilty over ransomware crimes
Joseph Nocella, the United States attorney for the Eastern District of New York, said in a statement that the defendant used Nefilim ransomware to target high-revenue companies in the United States. He would often steal data and encrypt it, only agreeing to release the data after his demands, which are often financial, have been met.
“We remain determined to capture Stryzhak’s codefendant and partner in crime, Volodymyr Tymoshchuk, and bring him to justice in a U.S. courtroom,” Nocella added.
The Ukrainian is now being accused of acting as the administrator of the Nefilim ransomware group and is described as a serial cybercriminal associated with multiple ransomware organizations.
Officials claimed that attacks carried out by Nefilim ransomware have led to the loss of millions of damages through extortion payments and damage to victim networks. Styzhak and his co-conspirators allegedly customized ransomware files for each victim, creating unique decryption keys and ransom notes.
The ransomware group primarily targeted companies located in the United States, Australia, and Canada, netting more than $100 million in annual revenue. They extorted their victims by threatening to publish stolen data.
Authorities claimed that the crew would first carry out research about their victims after breaking into their networks. They would look for details like their net worth, size of operation, and how critical their operations are. The Ukrainian and his gang would then look for their contact information and initiate contact.
Stryzhak faces up to 10 years in prison
Stryzhak’s victims in the United States include an engineering consulting company based in France, an aviation company based in New York, and a chemical company operating out of Ohio. They also targeted an insurance company in Illinois, a company in the construction industry in Texas, a pet care company in Missouri, an international eyewear company, and a company in the oil and gas transportation business.
Prosecutors mentioned that Stryzhak and his gang also used the ransomware to encrypt victim networks in Germany, the Netherlands, Switzerland, and Norway. Officials claimed he started the operation when he was given the Nefilim ransomware code in June 2021 in exchange for 20% of his ransom proceeds.
“Cybercriminals may hide behind screens, but they leave digital footprints everywhere,” Christopher Johnson, special agent in charge of the FBI’s field office in Springfield, Illinois, said in a statement.
The FBI agent mentioned that they follow these digital trails relentlessly across all networks, borders, and time, until those responsible are apprehended and held accountable for their crimes.
“Today is a remarkable accomplishment, but we will not stop until we have captured all those responsible for the Nefilim ransomware,” he added.
After pleading guilty to the fraud-related crimes, the Ukrainian is set to be sentenced on May 6, 2026, and faces a maximum penalty of up to 10 years in prison, which would be determined by the federal judge.
Get up to $30,050 in trading rewards when you join Bybit today
