**Ukrainian Hacker Pleads Guilty to Nefilim Ransomware Attacks in U.S.**

A devastating cyberattack that targeted high-revenue companies worldwide has claimed its latest victim. Ukrainian hacker Artem Stryzhak (35) pleaded guilty in the United States for his role in the Nefilim ransomware attacks, a scheme that resulted in millions of dollars in losses and extensive system damage.

Stryzhak was arrested in Spain in June 2024 and extradited to the U.S. in April 2025. He faces up to 10 years in prison for his crimes, with sentencing set for May 2026. The guilty plea marks a significant milestone in the ongoing efforts to bring cybercrime perpetrators to justice.

**A Glimpse into the Nefilim Ransomware Scheme**

Nefilim ransomware was used in a series of international attacks that targeted companies located in the United States, Canada, and Australia with annual revenues exceeding $100 million. Attackers employed customized ransomware executables for each attack, generating unique decryption keys and tailored ransom notes for victims.

Stryzhak and his co-conspirators researched their targets using online databases to gather information on their net worth, size, and contact details. Once they gained unauthorized access to a company's network, they would steal sensitive data and threaten to post it on publicly accessible "Corporate Leaks" sites if the victim refused to pay the ransom.

**The Role of Artem Stryzhak**

According to court documents, Stryzhak was granted access to the Nefilim ransomware code in exchange for 20% of his ransom proceeds. He deployed the customized ransomware via his account on the administrators' online platform. The DoJ's press release highlights Stryzhak's key role in the scheme: "Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks."

**The Manhunt Continues**

Despite Stryzhak's guilty plea, the U.S. authorities are still on the hunt for his co-defendant and Nefilim admin, Volodymyr Tymoshchuk. Tymoshchuk is a serial cybercriminal who remains at large, with a $11 million reward offered by the United States Department of State for information leading to his capture or that of his co-conspirators.

**A Message from the U.S. Attorney**

"The defendant used Nefilim ransomware to target high-revenue companies in the United States steal data, and extort victims," stated Joseph Nocella, Jr., United States Attorney for the Eastern District of New York. "The defendant's conviction demonstrates that our Office will ensure that criminals are held accountable for the cyber havoc they wreak on society. We remain determined to capture Stryzhak's codefendant and partner in crime, Volodymyr Tymoshchuk, and bring him to justice in a U.S. courtroom."

**Stay Informed**

Follow me on Twitter: @securityaffairs and Facebook and Mastodon for the latest updates on cybersecurity news and trends.