
“LockerGoga,” “MegaCortex,” and “Nefilim” Ransomware Administrator Charged with Ransomware Attacks

  • September 9, 2025

TripleHelix
Moderator

Tuesday, September 9, 2025

 

Defendant Used Ransomware to Attack Hundreds of Victims Worldwide; Proactive Law Enforcement Action Led to Prevention and Decryption

Earlier today, the U.S. District Court for the Eastern District of New York unsealed a superseding indictment charging Volodymyr Viktorovich Tymoshchuk — also known as deadforz, Boba, msfv, and farnetwork — a Ukrainian national, with serving as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware schemes.

“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored. This prosecution and today’s rewards announcement reflects our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located.”

“Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay,” said U.S. Attorney Joseph Nocella Jr. for the Eastern District of New York. “For a time, the defendant stayed ahead of law enforcement by deploying new strains of malicious software when his old ones were decrypted. Today’s charges reflect international coordination to unmask and charge a dangerous and pervasive ransomware actor who can no longer remain anonymous.”

“Volodymyr Tymoshchuk repeatedly used ransomware attacks to target hundreds of companies in the United States and around the globe in attempts to extort victims,” said Assistant Director in Charge Christopher G. Raia of the FBI New York Field Office. “Today’s announcement should serve as warning, cyber criminals may believe they act with impunity while conducting harmful cyber intrusions, but law enforcement is onto you and will hold you accountable. The FBI along with our law enforcement partners will continue to scour the globe to bring to justice any individual attempting to use the anonymity of the internet to commit crime.”

“The criminals behind Nefilim ransomware may believe they can profit from extortion and data leaks, but they are wrong,” said Special Agent in Charge Christopher J. S. Johnson of the FBI’s Springfield Field Office. “The FBI is actively pursuing them to disrupt their operations and bring them to justice. We urge all organizations to report these attacks immediately — because every report helps us dismantle these networks and ensure cybercriminals are held accountable.”

 
