{"id":2805,"date":"2025-09-14T02:56:02","date_gmt":"2025-09-14T02:56:02","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/09\/14\/ukrainian-ransomware-fugitive-added-to-europes-most-wanted\/"},"modified":"2025-09-14T02:56:02","modified_gmt":"2025-09-14T02:56:02","slug":"ukrainian-ransomware-fugitive-added-to-europes-most-wanted","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/09\/14\/ukrainian-ransomware-fugitive-added-to-europes-most-wanted\/","title":{"rendered":"Ukrainian Ransomware Fugitive Added to Europe\u2019s Most Wanted"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n

A 28-year-old Ukrainian has been added to a list of Europe\u2019s most wanted fugitives for alleged participation in LockerGoga ransomware attacks.<\/p>\n

Volodymyr Tymoshchuk is said to have deployed the ransomware against hundreds of victim companies between 2018 and 2020, causing more than $18bn in damages worldwide.<\/p>\n

Most notably, he is being pegged for the 2019 attack on Norwegian aluminium giant, Norsk Hydro, which the company estimated cost it NOK 300-350 million (\u00a326-40m, $35-41m at the time) in the first week alone.<\/p>\n

Europol said that Tymoshchuk\u2019s unmasking had come after a lengthy, complex and coordinated operation involving law enforcement France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the UK and the US, together with Europol and Eurojust.<\/p>\n

Read more on LockerGoga: Euro Police Swoop on 12 Suspected Ransomware Gang Members<\/em><\/p>\n

After previous arrests, investigators were able to map the structure of the group and the identities of various members \u2013 including malware developers, intrusion specialists and money launderers, Europol claimed.\u00a0Five individuals were arrested in April\u00a0this year in connection with the\u00a0LockerGoga, MegaCortex, Hive and Dharma ransomware variants.<\/p>\n

US Offers $11m as Net Tightens<\/h2>\n

The policing group\u2019s announcement follows the unsealing in the US of a superseding indictment charging Tymoshchuk (aka deadforz, Boba, msfv\u00a0and farnetwork) with serving as an administrator for not only LockerGoga, but also the MegaCortex and Nefilim ransomware groups.<\/p>\n

\u201cVolodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,\u201d said acting assistant attorney general Matthew Galeotti of the Justice Department\u2019s Criminal Division.<\/p>\n

\u201cIn some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored. This prosecution and today\u2019s rewards announcement reflects our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located.\u201d<\/p>\n

The State\u00a0Department\u2019s Transnational Organized Crime (TOC) Rewards Program is offering rewards totaling $11m for information leading to the arrest and\/or conviction or location of Tymoshchuk or his conspirators.<\/p>\n

He is charged with two counts of conspiracy to commit fraud and related activity in connection with computers, three counts of intentional damage to a protected computer, one count of unauthorized access to a protected computer\u00a0and one count of transmitting a threat to disclose confidential information.<\/p>\n

LockerGoga\/MegaCortex efforts were not always successful. In 2022, Europol and Bitdefender released a decryptor for LockerGoga, enabling many victims to regain access to their data.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

A 28-year-old Ukrainian has been added to a list of Europe\u2019s most wanted fugitives for alleged participation in LockerGoga ransomware attacks. Volodymyr Tymoshchuk is said to have deployed the ransomware against hundreds of victim companies between 2018 and 2020, causing more than $18bn in damages worldwide. Most notably, he is being pegged for the 2019<\/p>\n","protected":false},"author":2,"featured_media":2806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2805","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2805-f2bcd2a2-3cc4-40af-addc-154bad5e54df-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2805"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2805\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2806"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2805"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}