BROOKLYN, NY – A federal grand jury in the Eastern District of New York has returned a superseding indictment charging Volodymyr Viktorovich Tymoshchuk, also known as “deadforz,” “Boba,” “msfv,” and “farnetwork,” for his role as an administrator in the LockerGoga, MegaCortex, and Nefilim ransomware schemes.
According to court documents, Tymoshchuk, a Ukrainian national, participated in ransomware operations that targeted more than 250 companies in the United States and hundreds of others worldwide between 2018 and 2021. The attacks caused millions of dollars in losses through encrypted data, operational disruptions, and ransom payments.
Investigators said Tymoshchuk and his co-conspirators customized ransomware variants for each victim, demanding ransom payments in exchange for decryption keys. From July 2020 through October 2021, Tymoshchuk allegedly served as an administrator for the Nefilim ransomware group, providing affiliates with access to the ransomware in exchange for 20 percent of the extorted proceeds.
International coordination among law enforcement led to the release of decryption keys in 2022 through the “No More Ransomware Project,” allowing many victims to recover their data without paying.
Tymoshchuk is charged with conspiracy to commit fraud and related activity in connection with computers, intentional damage to protected computers, unauthorized access to protected computers, and transmitting threats to disclose confidential information.
The FBI is investigating the case, with assistance from authorities in multiple countries, Europol, and Eurojust. Trial Attorney Brian Z. Mund of the Justice Department’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Alexander F. Mindlin and Ellen H. Sise are prosecuting.
The U.S. Department of State announced a reward of up to $11 million for information leading to the arrest, conviction, or location of Tymoshchuk or his co-conspirators.
Anyone with information should contact the FBI at +1-917-242-1407, by email at TymoTips@fbi.gov, their local FBI field office, or the nearest U.S. embassy.
