Overview

• A superseding indictment in the Eastern District of New York charges Volodymyr Viktorovich Tymoshchuk with conspiracy, damaging protected computers, unauthorized access, and threatening to disclose confidential information.
• The alleged campaigns ran from December 2018 to October 2021 across the United States, France, Germany, the Netherlands, Norway, and Switzerland, causing tens of millions in losses.
• From July 2020 to October 2021 he allegedly administered Nefilim as a ransomware-as-a-service enterprise, providing affiliates access in exchange for a 20% share of ransom proceeds.
• Co-defendant Artem Aleksandrovych Stryzhak was extradited from Spain in April 2025 and awaits trial in EDNY, while Tymoshchuk remains outside U.S. custody.
• Authorities highlight prior actions including the 2022 public release of LockerGoga and MegaCortex decryption keys via the No More Ransom Project and note that early victim notifications thwarted many attempted deployments.