A 28-year-old Ukrainian has been added to a list of Europe’s most wanted fugitives for alleged participation in LockerGoga ransomware attacks.
Volodymyr Tymoshchuk is said to have deployed the ransomware against hundreds of victim companies between 2018 and 2020, causing more than $18bn in damages worldwide.
Most notably, he is being pegged for the 2019 attack on Norwegian aluminium giant, Norsk Hydro, which the company estimated cost it NOK 300-350 million (£26-40m, $35-41m at the time) in the first week alone.
Europol said that Tymoshchuk’s unmasking had come after a lengthy, complex and coordinated operation involving law enforcement France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the UK and the US, together with Europol and Eurojust.
Read more on LockerGoga: Euro Police Swoop on 12 Suspected Ransomware Gang Members
After previous arrests, investigators were able to map the structure of the group and the identities of various members – including malware developers, intrusion specialists and money launderers, Europol claimed. Five individuals were arrested in April this year in connection with the LockerGoga, MegaCortex, Hive and Dharma ransomware variants.
US Offers $11m as Net Tightens
The policing group’s announcement follows the unsealing in the US of a superseding indictment charging Tymoshchuk (aka deadforz, Boba, msfv and farnetwork) with serving as an administrator for not only LockerGoga, but also the MegaCortex and Nefilim ransomware groups.
“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” said acting assistant attorney general Matthew Galeotti of the Justice Department’s Criminal Division.
“In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored. This prosecution and today’s rewards announcement reflects our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located.”
The State Department’s Transnational Organized Crime (TOC) Rewards Program is offering rewards totaling $11m for information leading to the arrest and/or conviction or location of Tymoshchuk or his conspirators.
He is charged with two counts of conspiracy to commit fraud and related activity in connection with computers, three counts of intentional damage to a protected computer, one count of unauthorized access to a protected computer and one count of transmitting a threat to disclose confidential information.
LockerGoga/MegaCortex efforts were not always successful. In 2022, Europol and Bitdefender released a decryptor for LockerGoga, enabling many victims to regain access to their data.
