DOJ Indicts Ukrainian National, Alleges Role in Three Major Ransomware Gangs

by ddos · September 11, 2025

The U.S. Department of Justice has filed charges against Ukrainian national Volodymyr Viktorovych Timoshchuk, identified by investigators as one of the key administrators behind the LockerGoga, MegaCortex, and Nefilim ransomware operations. According to U.S. authorities, he operated under the aliases deadforz, Boba, msfv, and farnetwork, and is already wanted by both the FBI and European Union law enforcement. The indictment states that his attacks caused millions of dollars in damages to hundreds of companies worldwide.

Between July 2019 and June 2020, Timoshchuk and his accomplices infiltrated more than 250 corporate networks in the United States and abroad, deploying LockerGoga and MegaCortex. In several cases, law enforcement alerts prevented the ransomware from being activated. Later, from July 2020 to October 2021, he administered Nefilim, granting infrastructure access to partners, including Artem Aleksandrovych Stryzhak, who was extradited from Spain to the United States in April 2025. For these services, Timoshchuk received 20% of each ransom payment.

By the autumn of 2023, researchers at Group-IB determined that he had also collaborated with other ransomware groups, including JSWORM, Karma, Nokoyawa, and Nemty. His role extended beyond administration to recruiting and managing affiliate partners. According to U.S. Attorney Joseph Nocella Jr., the defendant systematically targeted major American companies, healthcare institutions, and multinational corporations, extorting victims with the threat of publishing sensitive data. A Justice Department spokesperson emphasized that some of these attacks completely paralyzed business operations until the encrypted files were restored.

Global counter-ransomware efforts led, in September 2022, to the release of free decryption tools for LockerGoga and MegaCortex through the No More Ransomware Project, enabling victims to recover their data without paying ransoms. Nevertheless, investigators continued to build their case, and Timoshchuk now faces two counts of conspiracy to commit computer fraud, three counts of causing damage to protected systems, as well as unauthorized access and extortion threats involving confidential information.

In addition to criminal charges, the U.S. State Department has announced a reward of up to $11 million for information leading to the identification, arrest, or conviction of Timoshchuk and his accomplices.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal