The US Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk, who is considered the administrator of several well-known ransomware groups: LockerGoga, MegaCortex and Nefilim.

According to the investigation, Tymoshchuk, known online as *deadforz, Boba, msfv, farnetwork*, has been involved since 2019 in attacks that compromised more than 250 companies in the US and hundreds of others around the world. Although a quick police response prevented the malware from being launched in many cases, the losses are estimated at millions of dollars.

From July 2020 to October 2021, he coordinated the Nefilim operation, providing access to affiliates and receiving 20% of the ransoms. In 2023, Group-IB additionally linked him to other gangs – JSWORM, Karma, Nokoyawa, Nemty.
He is charged with conspiracy to commit computer fraud, breach of protected systems, unauthorized access, and threats to disclose data. The US State Department has announced a reward of up to $11 million for information on his location or arrest.

LockerGoga and MegaCortex are known for attacks on industrial enterprises and medical institutions, which were accompanied by file encryption and threats to leak confidential data. In 2022, free decryptors became available to victims as part of the No More Ransom initiative. Such cases demonstrate the scale of the problem and the need for international cooperation.
Tymoshchuk’s case shows that even “shadow” administrators are not beyond the law. Despite the millions in profits from ransomware, global efforts by law enforcement and cybersecurity companies are increasingly leading to arrests and the blocking of groups.