Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US


Ukrainian authorities said a suspected member of the Ryuk ransomware gang has been extradited to the U.S., where he faces charges over cyberattacks that extorted more than $100 million from victims worldwide.

The 33-year-old foreign national was arrested in Kyiv in April at the request of U.S. law enforcement and handed over to American authorities earlier this week, Ukraine’s Office of the Prosecutor General said on Wednesday. 

The office did not provide the suspect’s name. The U.S. Department of Justice has not issued a statement about the extradition. Thursday was a holiday for the U.S. government.

Ukrainian investigators said the man was “engaged in searching for vulnerabilities in the corporate networks of the victim companies” — or what cybersecurity experts call an “initial access broker.” Police said they seized more than $600,000 in crypto assets, nine luxury vehicles and 24 plots of land.

The group launched over 2,400 ransomware attacks in multiple countries, encrypting victims’ data and demanding cryptocurrency payments in exchange for access, authorities said. It is believed to have used the Ryuk ransomware strain in many of the attacks, which targeted corporations, critical infrastructure and industrial enterprises across the world, typically for financial gain.

Ryuk was first detected in August 2018, when it began attacking large organizations with demands for high ransom payments. The malware has previously been linked to Russian cybercriminals.

Ukrainian authorities said the suspect had previously been placed on an international wanted list by the FBI. The bureau’s public Cyber Most Wanted list contains more than 150 individuals, including alleged Russian cybercriminals.

The extradition comes after a broader international crackdown in late 2023 involving law enforcement agencies from seven countries, including the U.S., Germany, France and the Netherlands. The joint operation targeted ransomware actors linked to Ryuk, LockerGoga, MegaCortex, HIVE and Dharma.

The U.S. government has previously taken action against Ryuk’s money laundering operations.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
