US charges admin of LockerGoga, MegaCortex, Nefilim ransomware

The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. Also known online as deadforz, Boba, msfv, and farnetwork, Tymoshchuk was involved in ransomware attacks that led to the breach of hundreds of companies, resulting in millions of dollars in damages, according to a superseding indictment unsealed today. Between July 2019 and June 2020, Tymoshchuk and his accomplices allegedly breached the networks of over 250 companies across the United States and many more worldwide in LockerGoga and MegaCortex ransomware attacks. However, in many of these incidents, they failed to deploy the ransomware on the victims' networks due to early law enforcement alerts. From July 2020 to October 2021, Tymoshchuk allegedly served as an administrator of the Nefilim ransomware operation, providing access to affiliates, including co-defendant Artem Aleksandrovych Stryzhak, who was extradited from Spain in April 2025, in exchange for 20 percent of the ransom proceeds. In November 2023, cybersecurity company Group-IB also linked Tymoshchuk to JSWORM, Karma, Nokoyawa, and Nemty ransomware gangs, helping them recruit affiliates on multiple Russian-speaking hacker forums since April 2019. Timeline of Tymoshchuk's activities (Group-IB) "Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay," said U.S. Attorney Joseph Nocella Jr. "In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored," Acting Assistant Attorney General Matthew R. Galeotti added. In September 2022, as part of a global effort targeting these cybercrime rings, free decryptors for LockerGoga and MegaCortex ransomware were released through the "No More Ransomware Project" initiative to help victims recover their encrypted files without paying a ransom. Tymoshchuk faces two conspiracy charges for computer fraud, three charges for damaging a protected computer, and charges for unauthorized access and threatening to disclose confidential information. The U.S. Department of State's Transnational Organized Crime (TOC) Rewards Program is also offering a reward of up to $11 million for any information that could lead to the location, arrest, or conviction of Tymoshchuk or his accomplices.