U.S. Authorities Charge Administrator of LockerGoga, MegaCortex, and Nefilim Ransomware
The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. Also known online as Deadforz, Boba, Msfv, and Farnetwork, Tymoshchuk was implicated in ransomware attacks that breached hundreds of companies, resulting in millions of dollars in damages, according to a superseding indictment unsealed recently. Between July 2019 and June 2020, he and his accomplices allegedly compromised the networks of over 250 companies across the United States and many more globally in LockerGoga and MegaCortex ransomware attacks. However, in many cases, they failed to deploy the ransomware due to early law enforcement alerts. From July 2020 to October 2021, Tymoshchuk reportedly served as an administrator of the Nefilim ransomware operation, providing access to affiliates, including co-defendant Artem Aleksandrovych Stryzhak, who was extradited from Spain in April 2025, in exchange for 20 per cent of the ransom proceeds.
In November 2023, cybersecurity company Group-IB linked Tymoshchuk to JSWORM, Karma, Nokoyawa, and Nemty ransomware gangs, assisting them in recruiting affiliates on various Russian-speaking hacker forums since April 2019. U.S. Attorney Joseph Nocella Jr. described Tymoshchuk as a serial ransomware criminal who targeted blue-chip American companies, healthcare institutions, and large foreign industrial firms, threatening to leak sensitive data if ransoms were not paid. These attacks often resulted in complete disruptions of business operations until encrypted data could be recovered. Tymoshchuk faces multiple charges, including conspiracy for computer fraud and unauthorized access. The U.S. Department of State’s Transnational Organised Crime Rewards Program is offering a reward of up to $11 million for information leading to his arrest or conviction.
Categories: Cybercrime, Ransomware Operations, Law Enforcement Actions
Tags: Ransomware, Cybercrime, Breach, Indictment, Accomplices, Decryptors, Conspiracy, Computer Fraud, Sensitive Data, Organized Crime