Artem Aleksandrovych Stryzhak, a 35-year-old Ukrainian national, officially pleaded guilty on Friday to charges involving a series of high-profile Nefilim ransomware attacks. After being apprehended in Spain during the summer of 2024, he was extradited to the United States in April 2025 to face federal prosecution for his criminal activities. His sentencing is currently slated for May 2026, where he could be ordered to serve up to 10 years in a federal penitentiary for his role in the international conspiracy.

Court records indicate that Stryzhak entered the cybercrime operation in June 2021 after securing access to the Nefilim ransomware source code. Under the terms of his agreement with the group's administrators, he was permitted to use the malicious software in exchange for 20 percent of any ransom payments successfully collected from victims. The operation was highly sophisticated, producing unique malware variants and specific decryption keys for every company they managed to infiltrate.

GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025

Stryzhak specifically focused his efforts on large-scale enterprises in the United States, Canada, and Australia that reported annual revenues of at least 100 million dollars. To ensure maximum profitability, he and his associates used professional business databases like Zoominfo to identify targets based on their financial standing and size. At one point, leadership within the Nefilim organization even encouraged him to increase the scale of his attacks by focusing on corporations generating more than 200 million dollars in yearly revenue.

The group employed aggressive “double extortion” tactics to force victims into paying the demanded ransoms. Beyond simply encrypting sensitive files to halt business operations, the conspirators stole proprietary data and threatened to publish it on a public leak site known as Corporate Leaks. This multi-layered approach was designed to increase the pressure on victims by threatening them with both operational downtime and significant reputational damage if they refused to comply with the demands.

While Stryzhak awaits his sentencing, law enforcement continues to pursue his alleged co-conspirator, Volodymyr Tymoshchuk. The U.S. State Department has authorized a reward of up to 11 million dollars for information that leads to the arrest of Tymoshchuk, who is believed to be a primary administrator for several ransomware strains including LockerGoga and MegaCortex. Although Stryzhak is now in custody, his associate remains at large and is currently featured on the most-wanted lists of both the FBI and the European Union.

Source: Ukrainian Hacker Admits Role As Affiliate In Nefilim Ransomware Gang