A Ukrainian national, who allegedly held multinational corporations hostage from behind a keyboard, is now facing American justice.
On May 1st, prosecutors at the Brooklyn federal courtroom unsealed an indictment against a Ukrainian man, Artem Stryzhak, who allegedly helped orchestrate a global ransomware scheme using the Nefilim malware strain.
According to the indictment, Stryzhak got access to Nefilim’s malware, known in the underground as “the panel,” back in 2021. The Nefilim ransomware is known to operate as ransomware-as-a-service (RaaS).The defendant reportedly operated under the panel's revenue-sharing model, where he’d keep 80% of whatever ransom he extorted and kick 20% up to the ransomware administrators.
The targeted companies included high-revenue companies from the US, Canada, and Australia. After gaining access to the victims’ networks, Stryzhak and his co‑conspirators stole data to extort ransom payments. If victims didn’t pay up, Nefilim’s team would dump their stolen files onto the internet.
The group might have caused millions in losses, not just from ransom payments but from the damage inflicted on computer systems and business operations.
Stryzhak was arrested in Spain last June and extradited to the US this week. FBI Special Agent Christopher Johnson called the arrest “a significant achievement” and a warning shot for cybercriminals hiding behind borders. If convicted, Stryzhak faces up to five years in prison.
Cybersecurity firm Trend Micro’s analysis stated that Nefilim originated in March 2020, evolving from the older ransomware family called Nemty. Cybernews’ Darknet monitoring tool, Ransomlooker, has indicated that since 2023, 43 companies have fallen victim to the Nefilim malware.
Your email address will not be published. Required fields are markedmarked