Nefilim Ransomware Affiliate Pleads Guilty

A Ukrainian national has pleaded guilty to using Nefilim ransomware against a number of corporate victims in the US and elsewhere.

Artem Aleksandrovych Stryzhak, 35, was extradited from the Spanish city of Barcelona earlier this year after being arrested in June 2024. He pleaded guilty to one count of conspiracy to commit computer fraud, according to the US Justice Department (DoJ).

Stryzhak became a Nefilim affiliate in June 2021, after he was given an account by the ransomware-as-a-service administrators in exchange for 20% of his proceeds.

Having been encouraged to target companies with $200m+ in annual revenue, Stryzhak and his co-conspirators used online databases like Zoominfo to research and select their victims.

Organizations in the US, Canada and Australia were preferred. Nefilim worked like many ransomware variants: the threat actors would compromise networks, steal data and then encrypt it. Victims were told to pay a ransom in exchange for the decryption key, or else have their stolen data published to a “corporate leaks” site maintained by the ransomware developers.

It’s unclear how Stryzhak was apprehended but the DoJ explained that, shortly after becoming a Nefilim affiliate, he asked a co‑conspirator whether he should choose a different username to the one he used in other criminal activity, in case the panel “gets hacked into by the feds.”

Nefilim has subsequently been rebranded as Fusion, Milihpen, Gangbang, Nemty and Karma, among other names.

Stryzhak is facing a maximum of 10 years behind bars and will be sentenced in May 2026.

Conspirators at Large

The guilty plea still leaves at least one of Stryzhak’s co-conspirators at large.

Volodymyr Tymoshchuk (aka deadforz, Boba, msfv and farnetwork), a 28-year-old also from Ukraine, was recently added to a list of Europe’s most wanted fugitives after being linked to LockerGoga, MegaCortex and Nefilim. He’s believed to have been the administrator of these ransomware groups.

The US Department of State’s Transnational Organized Crime (TOC) Rewards Program has offered a reward of up to $11m for information leading to his location, arrest and/or conviction.