In a significant move underscoring the escalating global battle against cybercrime, the United States Department of Justice has launched an $11 million bounty hunt for Ukrainian national Volodymyr Viktorovich Tymoshchuk. Known by aliases such as deadforz, Boba, msfv, and farnetwork, Tymoshchuk stands accused as the alleged mastermind behind sophisticated ransomware operations that have crippled over 250 U.S. companies and countless others worldwide. The DoJ estimates these widespread cybercrimes have plundered an astonishing $18 billion over just three years, a stark reminder of the financial toll of digital vulnerabilities.
Tymoshchuk’s Ransomware Operations and Impact
Tymoshchuk is alleged to have played a key administrative role in deploying devastating ransomware variants, including MegaCortex, LockerGoga, and Nefilim. From late 2018 to October 2021, Tymoshchuk reportedly first operated LockerGoga and MegaCortex attacks. The latter involved changing passwords and encrypting all files on host computers before issuing threats and demands for payment. LockerGoga famously targeted Norsk Hydro, a major Norwegian energy company, affecting all 170 of its sites and incurring an estimated $81 million in damages.
As cybersecurity professionals developed decryption keys for these strains, Tymoshchuk reportedly pivoted to engineering and managing Nefilim. This new ransomware was sold to third-party attackers, who then shared 20% of the stolen funds from successful attacks. While MegaCortex was initially intended for corporate targets but sometimes ended up affecting individual users, Nefilim focused exclusively on high-value companies, specifically those valued at $100 million and above.
Law Enforcement’s Pursuit and Countermeasures
Law enforcement officials have emphasized their unwavering commitment to combating digital extortion. Acting Assistant Attorney General Matthew R. Galeotti underscored that the prosecution of Tymoshchuk and the substantial reward offer reflect a strong determination to “protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located.”
US Attorney Joseph Nocella Jr. further described Tymoshchuk as a “serial ransomware criminal” who relentlessly targeted critical institutions, from “blue-chip American companies” to “health care institutions.” Nocella highlighted the international coordination that led to these charges, affirming that “a dangerous and pervasive ransomware actor who can no longer remain anonymous” has been unmasked.
Despite the widespread compromise of over 250 US companies by Tymoshchuk and his co-conspirators, many extortion attempts ultimately failed. This success was often due to proactive warnings from federal agencies, allowing affected companies to prepare before ransomware deployment. Furthermore, significant progress was made in September 2022, when decryption keys for LockerGoga and MegaCortex were publicly released as part of the global “No More Ransomware” initiative, offering a crucial lifeline to victims.
Assistant Director Christopher G. Raia of the FBI issued a stern warning: “cyber criminals may believe they act with impunity while conducting harmful cyber intrusions, but law enforcement is onto you and will hold you accountable.” This strong message reinforces the global effort to ensure accountability in the digital realm. Special Agent Christopher J. S. Johnson echoed this sentiment, stating unequivocally that “The criminals behind Nefilim ransomware may believe they can profit from extortion and data leaks, but they are wrong.”
Charges and Rewards for Information on Tymoshchuk
Tymoshchuk faces seven serious counts in total: two counts of conspiracy to commit fraud and related activity in connection with computers, three counts of intentional damage to a protected computer, one count of unauthorized access to a protected computer, and one count of transmitting a threat to disclose confidential information. If convicted, these charges could potentially result in a life sentence in prison.
The U.S. Department of State’s Transnational Organized Crime Rewards Program is now actively offering rewards totaling up to $11 million for any information that leads to the arrest and/or conviction of Tymoshchuk or his co-conspirators.
The pursuit of Tymoshchuk highlights the relentless global effort to dismantle sophisticated cybercrime networks and ensure justice for victims. As technology continues to evolve, staying informed about such threats is paramount for digital security, a mission Digital Tech Explorer is dedicated to serving.