US Offers $10 Million Reward for Ukrainian Ransomware Operator

Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families.

The US on Tuesday announced a reward of up to $10 million for information on a Ukrainian national indicted for his role in administering the LockerGoga, MegaCortex, and Nefilim ransomware families.

The individual, 28-year-old Volodymyr Viktorovich Tymoshchuk, also known as Boba, Deadforz, Farnetwork, and Msfv, is accused of compromising the networks of hundreds of organizations in the US and abroad to deploy ransomware and extort ransom payments from the victims.

According to a May 2024 superseding indictment that was unsealed on Tuesday, the intrusions caused hundreds of millions of dollars in losses, including costs related to remediation, damage caused to computers, and ransom payments.

The ransomware executable, the indictment alleges, was customized for each victim, so that the attackers could create decryption keys that would work only for a specific organization.

“If a victim paid the ransom demand, the perpetrators would send a decryption tool, which enabled the victim to decrypt the computer files locked by the ransomware program,” the US Department of Justice notes.

Between July 2019 and June 2020, the indictment says, Tymoshchuk and his co-conspirators hit over 250 organizations in the US and hundreds more abroad with the LockerGoga and MegaCortex ransomware, including entities in France, Germany, the Netherlands, Norway, and Switzerland.

Because law enforcement notified the victims of the intrusions, many of the extortion attempts were unsuccessful, as the attacks were neutralized before file-encrypting ransomware could be deployed.

From July 2020 through October 2021, Tymoshchuk was an administrator of the Nefilim ransomware, providing other miscreants with access to the malware in exchange for 20% of the payments received from the victims, the indictment alleges.

One of the Nefilim ransomware affiliates, Ukrainian national Artem Stryzhak, was extradited to the US after being arrested in Spain in 2024, the US announced in May.

Decryption keys for LockerGoga and MegaCortex were released publicly via the No More Ransomware Project, enabling victims to recover their data without paying a ransom.

Under the Transnational Organized Crime Rewards Program (TOCRP), the US Department of State is offering a reward of up to $10 million for information leading to the arrest and/or conviction of Tymoshchuk.

The US is also offering rewards of up to $1 million for information on other key leaders of the LockerGoga, MegaCortex, and Nefilim ransomware families.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
