US charges suspected ransomware kingpin, and offers $10 million bounty for his capture
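A US federal court has brought charges against Ukrainian national Volodymyr Viktorovich Tymoshchuk, alleging that he took part in LockerGoga, MegaCortex, and Nefilim ransomware attacks affecting more than 250 US companies and hundreds of companies worldwide. Although advance warnings from law enforcement to victims caused some of the extortion attempts to fail, losses of millions of dollars were still incurred. Tymoshchuk is linked to several high-profile attacks, and a $10 million reward has been offered for his capture. 2025-9-10 21:24:2 Author: www.fortra.com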

A US federal court has unsealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim.

Volodymyr Viktorovich Tymoshchuk (who is also said to use the aliases "deadforz", "Boba", "msfv", and "farnetwork") has been charged for his alleged role in a series of ransomware attacks that extorted over 250 companies across the United States, and hundreds more globally. 

According to a US Department of Justice press release about the indictment, Tymoshchuk is said to have used variants of the LockerGoga, MegaCortex, and Nefilim ransomware between December 2018 and October 2021 to encrypt computer networks around the world, causing losses totalling millions of dollars. 

However, it is claimed that many of the extortion attempts failed because law enforcement agencies notified victims that their networks had been compromised by Tymoshchuk and his co-conspirators before the ransomware payload was deployed. 

The LockerGoga ransomware gained notoriety after a series of high-profile attacks, including the 2019 hack of Norsk Hydro, a major producer of aluminium and hydroelectric power in Norway. Other victims have included French engineering firm Altran, and industrial firms Hexion and Momentive.

LockerGoga's activities came to a sudden halt in October 2021, after Europol arrested 12 people alleged to be connected to the group in Ukraine and Switzerland. 

In September 2022, decryption keys associated with the LockerGoga ransomware were made available to the general public via the No More Ransom project - helping companies unlock their compromised data and computers without having to pay a ransom. A similar decryptor was made available for MegaCortex in January 2023. 

Then, in November 2023, Europol announced that further arrests had been made in Kyiv, Ukraine, dismantling the ransomware group believed to have been deploying variants of LockerGoga, MegaCortex, Hive, and Dharma. Computer equipment, cars, payment cards, SIM cards, as well as financial and cryptocurrency assets were seized by authorities. 

According to Joseph Nocella Jr., US Attorney for the Eastern District of New York, Tymoshchuk is "a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay."

But unfortunately for the US authorities, they do not have 28-year-old Tymoshchuk in their custody.

What they do have is a bounty of ten million dollars, for anyone who can give them information leading to the arrest and conviction of Volodymyr Viktorovich Tymoshchuk.

A further US $1,000,000 has been made available for information leading to the arrest and/or conviction of other key leaders of the Nefilim, LockerGoga, and MegaCortex ransomware variants.


Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.


Source: https://www.fortra.com/blog/us-charges-suspected-ransomware-kingpin-offers-10-million-bounty