Nefilim ransomware hacker pleads guilty to computer fraud

A former ransomware hacker pleaded guilty on Friday in the Eastern District of New York to one charge stemming from attacks on several companies in the U.S., Canada and Australia.

Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, was arrested in Barcelona last year before being extradited in April.

Stryzhak used the Nefilim ransomware strain to carry out the attacks. He was given access to the ransomware in June 2021 and agreed to pay the developers 20% of the ransoms he received, prosecutors said. 

He pleaded guilty to one count of conspiracy to commit computer fraud and is facing a maximum sentence of 10 years in prison. His sentencing is scheduled for May. 

The operators behind Nefilim attacked and targeted companies with more than $100 million in revenue and prosecutors said the group caused “millions of dollars in losses” overall between ransom payments and damage to computer systems. 

According to the indictment, Nefilim victims in the U.S. included companies in industries such as aviation, engineering, chemicals, eyewear, insurance, construction, energy and pet care. 

The Justice Department said it is still offering a reward of $11 million for information about Volodymyr Tymoshchuk, one of Stryzhak’s charged co-conspirators. 

Prosecutors previously said Tymoshchuk was an administrator for Nefilim as well as two now-defunct ransomware strains known as LockerGoga and MegaCortex.

Between December 2018 and October 2021, Tymoshchuk allegedly used the ransomware strains to attack hundreds of organizations across the U.S. and Europe, causing millions of dollars in damage, the DOJ said. 

Tymoshchuk was connected to ransomware organizations that have extorted more than 250 companies across the U.S., acting Assistant Attorney General Matthew Galeotti said.

The LockerGoga ransomware was best known for its 2019 attack on Norwegian aluminum giant Norsk Hydro.