A 35-year-old Ukrainian national pleaded guilty in a US court on Friday to charges related to Nefilim ransomware attacks.
The suspect, Artem Aleksandrovych Stryzhak, was arrested in Spain in 2024 and extradited to the United States in late April 2025.
Stryzhak has pleaded guilty to conspiracy to commit fraud related to computers. He is scheduled to be sentenced in May 2026 and faces up to 10 years in prison.
According to authorities, the Ukrainian national was a Nefilim ransomware affiliate. The ransomware operation’s administrators provided him with malware and other resources needed to launch cyberattacks against major companies worldwide in exchange for 20% of the money he received from victims.
[ Read: Inside the Journey of Russian Hacker on FBI’s Most Wanted List ]
Court documents show Stryzhak became a Nefilim affiliate around June 2021, and suggest he was involved in other criminal activities.
The man was encouraged by others to target companies in countries such as the United States, Canada, and Australia, with an annual revenue exceeding $200 million.
The cybercriminals stole valuable data from victims’ systems and then deployed file-encrypting malware, demanding a ransom payment to decrypt the files and prevent stolen data from being made public.
One of Stryzhak’s co-conspirators, Volodymyr Tymoshchuk, is still at large with an $11 million reward on his head.
Tymoshchuk has been accused of being an administrator of the Nefilim ransomware and is also believed to have participated in hundreds of attacks involving LockerGoga and MegaCortex ransomware.
Related: Ransomware Payments Surpassed $4.5 Billion: US Treasury
Related: Ransomware Attack Disrupts Local Emergency Alert System Across US
Related: 700,000 Records Compromised in Askul Ransomware Attack
