SecurityWeek


Ukrainian Nefilim Ransomware Affiliate Extradited to US

Ukrainian national Artem Stryzhak was extradited to the US and charged with using Nefilim ransomware in attacks on large businesses.


A Ukrainian national was extradited from Spain to the US on Wednesday to face charges related to his involvement in Nefilim ransomware attacks.

The man, Artem Stryzhak, was arrested in Spain in 2024. He is charged with fraud conspiracy, including extortion, and faces up to five years in prison.

According to an indictment unsealed on Thursday, Stryzhak became a Nefilim ransomware affiliate in June 2021. He was granted access to the malware through the online Nefilim panel, in exchange for 20% of the ransom proceeds.

Discovered in March 2020 and operating as a ransomware-as-a-service (RaaS) enterprise, Nefilim has been used against high-revenue organizations in the US, France, Germany, the Netherlands, Norway, Switzerland, Canada, and Australia.

According to the indictment, Stryzhak was encouraged by a Nefilim administrator to target businesses with more than $200 million in annual revenue, and he researched the potential target organizations prior to compromising them.

After breaching the target companies’ networks, Stryzhak and his co-conspirators stole data that was later used to extort the victims into paying a ransom, threatening them with the public release of the stolen information.

Stryzhak and his co-conspirators are accused of targeting aviation, chemical, construction, engineering, eyewear, insurance, oil and gas transportation, and other types of organizations.

The indictment also alleges that Nefilim ransomware attacks caused millions of dollars in losses, both in ransom payments and damages to the compromised systems. The malware was customized for each victim, using unique decryption keys and tailored ransom notes.


“As alleged, the defendant was part of an international ransomware scheme in which he conspired to target high-revenue companies in the United States, steal data, and hold data hostage in exchange for payment,” US Attorney John J. Durham said.

“The criminals who carry out these malicious cyber-attacks often do so from abroad in the belief that American justice cannot reach them. The extradition of the defendant and today’s charges prove that they are wrong,” Durham added.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
