The United States Department of State announced today that it is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, a Ukrainian hacker suspected of playing a key role in international ransomware attacks, using malware such as Nefilim, LockerGoga, and MegaCortex.
These attacks have caused significant financial damage to large companies in Europe and the US.
More specifically, the Bureau of International Narcotics and Law Enforcement Affairs (INL) at the State Department announced that through the Transnational Organized Crime Rewards Program (TOCRP) it is offering up to $10 million for information leading to the arrest or conviction of Tymoshchuk anywhere in the world.
A reward of up to $1 million has also been announced for information leading to the capture and prosecution of other key leaders, in addition to Tymoshchuk and a known associate of his, associated with the Nefilim, LockerGoga, and MegaCortex ransomware variants.
According to the indictment filed in the Federal Court of the Eastern District of New York, from December 2018 to October 2021, Tymoshchuk and his associates used these ransomware variants to encrypt computer networks and carry out large-scale ransomware attacks.
These attacks hit hundreds of companies and organizations in the US and internationally, causing huge financial losses both due to ransom payments and recovery costs.
The announcement was made in cooperation with the Department of Justice, the FBI, Europol and authorities in Germany, France and Norway. The Department of Justice confirmed that the indictment against Tymoshchuk has been released and contains seven counts related to his ransomware activities. The 29-year-old Ukrainian remains at large.
The role and activity of Tymoshchuk and his group
Tymoshchuk is considered a central figure in coordinating international cyberattacks. His group has used three of the most notorious ransomware variants, namely:
Nephilim: Appeared in 2020, known for its "double extortion" tactic, targeting large companies in sectors such as energy, construction, and transportation, with demands for millions of dollars in ransoms.
LockerGoga: Famous for the attack on the Norwegian aluminum industry Norsk Hydro in 2019, which caused significant production disruptions and over $70 million in damage.
MegaCortex: Targeted large businesses, including technology companies and industrial groups in Europe and the US, paralyzing their corporate networks.
The method was always the same: they would break into computer networks, encrypt critical data, and demand large ransoms, often threatening to release confidential data. Even when ransoms were paid, full recovery took months and was associated with huge costs.
The extent of the damage
The attacks linked to Tymoshchuk and his group were not limited to specific cases.
In Europe, incidents were recorded at large industrial plants, energy companies and utilities. In the US, dozens of businesses experienced complete paralysis of their IT systems, with damages reaching hundreds of millions of dollars.
Authorities estimate that Tymoshchuk had a leading role in planning and executing these attacks, while it is not yet known how many other members of the group are active on the international scene.
