A Ukrainian man has been extradited from Ireland and charged in the US with conspiracy to deploy Conti, a notorious ransomware variant.

Oleksii Oleksiyovych Lytvynenko, 43, of Cork, Ireland, conspired with others to hack into victims’ computers, steal and encrypt their data, and extort them.

Lytvynenko appeared in a Tennessee court late last week on a 2023 indictment, which alleges he took part in the Conti operation between 2020 and July 2022. He helped the group to extort more than $500,000 in cryptocurrency from two victims in the district, and published information stolen from a third, the Justice Department claimed.

However, the reach of Conti goes far further than the Middle District of Tennessee. In fact, the variant was used to target over 1000 corporate victims around the world, in dozens of countries and almost all states of the US, the DoJ said.

Conti was used to attack more critical national infrastructure (CNI) than any other ransomware type, causing losses of at least $150m, it continued. This makes the group a national security threat as well as a menace to boardrooms around the world.

Lytvynenko is alleged to have “controlled” data stolen from Conti victims and helped to manage the ransom notes deployed to victims’ systems.

Irish Police Swoop on Suspect

Court documents also alleged that the Ukrainian participated in cybercrime until his arrest in Ireland in July 2023.

“Lytvynenko conspired to deploy Conti ransomware against victims in the United States and across the globe, extorting millions in cryptocurrency and amassing a trove of stolen data,” said assistant director Brett Leatherman of the FBI’s Cyber Division.

“His extradition demonstrates the strength of our partnership with Irish law enforcement and the FBI’s commitment to counter cybercriminals who threaten American infrastructure. We urge every organization to remain vigilant and quickly report ransomware intrusions to your local FBI field office.”

Lytvynenko is charged with computer fraud conspiracy and wire fraud conspiracy, and if convicted could face a maximum of 25 years behind bars.

In February 2022, Conti generated some unusual publicity after a Ukrainian security researcher doxxed the criminal organization behind it. That decision was taken after Conti released a statement strongly in support of Russia’s invasion of Ukraine.

Among the more eye-catching stories to emerge was the news that the group spent an estimated $6m on employee salaries, tooling and professional services from January 2021 to February 2022.