A Ukrainian man has admitted his role in a global ransomware operation after being extradited to the United States. Artem Aleksandrovych Stryzhak, 35, pleaded guilty to conspiracy to commit computer fraud for his involvement with the Nefilim ransomware group.
Stryzhak was arrested in Spain in 2024 and transferred to the US in April 2025. Court records show he joined the Nefilim ransomware operation in mid-2021 as an affiliate, meaning he did not create the malware but used it to attack large organisations worldwide.
As part of the scheme, ransomware administrators supplied him with malicious software and technical support. In return, they took around 20 percent of the ransom payments collected from victims. He was reportedly encouraged to target high-revenue companies in countries including the US, Canada, and Australia.
The attacks followed a common “double extortion” model. Sensitive data was first stolen from company systems, then files were encrypted. Victims were threatened with data leaks unless ransom payments were made.
US authorities say Stryzhak may have been involved in other cybercrime activities beyond Nefilim. He is due to be sentenced in May 2026 and faces up to 10 years in prison.
One of his alleged co-conspirators, Volodymyr Tymoshchuk, remains on the run. He is believed to be a senior administrator within the Nefilim operation and is linked to hundreds of ransomware attacks, including LockerGoga and MegaCortex. An $11 million reward has been offered for information leading to his arrest.
More Insight
This case reflects a growing trend of international cooperation against ransomware gangs. In recent years, US and European authorities have increasingly targeted affiliates rather than just developers, recognising that affiliates are often the ones carrying out the actual attacks.
Ransomware-as-a-Service (RaaS) models like Nefilim allow cybercriminals with limited technical skills to launch devastating attacks, lowering the barrier to entry for cybercrime. Law enforcement agencies now see affiliate arrests as a key way to disrupt these ecosystems.
Author: Oje.Ese
