Ukrainian hacker admits affiliate role in Nefilim ransomware gang

by CybrGPT

A Ukrainian national pleaded guilty on Friday to conducting Nefilim ransomware attacks that targeted high-revenue businesses across the United States and other countries.

The defendant, 35-year-old Artem Aleksandrovych Stryzhak, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025.

Stryzhak has admitted to computer fraud conspiracy charges brought by U.S. prosecutors in connection with ransomware attacks targeting businesses in the United States, Norway, France, Switzerland, Germany, and the Netherlands.

Stryzhak faces up to 10 years in prison, with sentencing scheduled for May 6, 2026.

According to court documents, Stryzhak allegedly obtained access to the Nefilim ransomware code in June 2021 in exchange for 20% of the ransom payments collected. The ransomware operation created customized malware for each victim along with decryption keys and ransom demands.

After joining the Nefilim operation, Stryzhak specifically targeted large corporations in the United States, Canada, and Australia with annual revenues exceeding $100 million. However, one Nefilim administrator later encouraged Stryzhak to focus on companies generating more than $200 million annually.

Stryzhak and his accomplices researched potential targets using online platforms (including ZoomInfo) to gather information about a company’s revenue, size, and contact details.

To maximize pressure on victims, the group also threatened to leak data stolen during attacks on “Corporate Leaks” websites managed by the Nefilim admins unless ransom demands were met.

The U.S. State Department also offers up to $11 million for information leading to the arrest of Stryzhak’s alleged co-conspirator, Ukrainian national Volodymyr Tymoshchuk, who remains at large.

Tymoshchuk is on the most-wanted lists of both the FBI and the European Union, and in September was charged by the U.S. Justice Department for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations.

Tymoshchuk was allegedly involved in ransomware attacks that breached hundreds of companies worldwide, resulting in millions of dollars in damages between July 2020 and October 2021.
