U.S. places $11 million bounty on Ukrainian ransomware mastermind — Tymoshchuk allegedly stole $18 billion from large companies over 3 years

U.S. places $11 million bounty on Ukrainian ransomware mastermind — Tymoshchuk allegedly stole $18 billion from large companies over 3 years

• The U.S. has placed an $11 million bounty on Volodymyr Tymoshchuk, a Ukrainian man accused of masterminding ransomware attacks that stole $18 billion over three years.
• Tymoshchuk is charged with orchestrating the MegaCortex, LockerGoga, and Nefilm ransomware attacks, which targeted large companies, healthcare institutions, and industrial firms.
• The MegaCortex attack changes Windows passwords and encrypts files, threatening to make sensitive files public if the ransom is not paid.
• One of the high-profile thefts linked to Tymoshchuk is the attack on Norsk Hydro, a Norwegian renewable energy company, causing $81 million in damages.
• Tymoshchuk allegedly evaded law enforcement by deploying new strains of malicious software when old ones were decrypted.
• From July 2019 to June 2020, Tymoshchuk is accused of running the LockerGoga and MegaCortex offensives before shifting to the Nefilm ransomware strain.
• Tymoshchuk allegedly sold access to the Nefilm ransomware to attackers in exchange for 20% of the ransomed funds from each successful attack.
• An unsealed indictment lists numerous unnamed victim companies from the U.S. and Europe, with Tymoshchuk facing seven charges related to intentional damage and threats to disclose private information.
• If found guilty, Tymoshchuk faces a maximum sentence of life in prison.
• Tymoshchuk is linked to the already-extradited Artem Stryzhak, his co-defendant in the trial, indicating a complex legal battle ahead if extradited to the U.S.