Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US

Ukrainian authorities said a suspected member of the Ryuk ransomware gang has been extradited to the U.S., where he faces charges over cyberattacks that extorted more than $100 million from victims worldwide.

The 33-year-old foreign national was arrested in Kyiv in April at the request of U.S. law enforcement and handed over to American authorities earlier this week, Ukraine’s Office of the Prosecutor General said on Wednesday.

The office did not provide the suspect’s name. The U.S. Department of Justice has not issued a statement about the extradition. Thursday was a holiday for the U.S. government.

Ukrainian investigators said the man was “engaged in searching for vulnerabilities in the corporate networks of the victim companies” — or what cybersecurity experts call an “initial access broker.” Police said they seized more than $600,000 in crypto assets, nine luxury vehicles and 24 plots of land.

The group launched over 2,400 ransomware attacks in multiple countries, encrypting victims’ data and demanding cryptocurrency payments in exchange for access, authorities said. It is believed to have used the Ryuk ransomware strain in many of the attacks, which targeted corporations, critical infrastructure and industrial enterprises across the world, typically for financial gain.

Ryuk was first detected in August 2018, when it began attacking large organizations with demands for high ransom payments. The malware has previously been linked to Russian cybercriminals.

Ukrainian authorities said the suspect had previously been placed on an international wanted list by the FBI. The bureau’s public Cyber Most Wanted list contains more than 150 individuals, including alleged Russian cybercriminals.

The extradition comes after a broader international crackdown in late 2023 involving law enforcement agencies from seven countries, including the U.S., Germany, France and the Netherlands. The joint operation targeted ransomware actors linked to Ryuk, LockerGoga, MegaCortex, HIVE and Dharma.

The U.S. government has previously taken action against Ryuk’s money laundering operations.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
