A Ukrainian nationwide has been extradited from Spain to the USA to face expenses over allegedly conducting Nefilim ransomware assaults in opposition to corporations.
The suspect, Artem Aleksandrovych Stryzhak, 35, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025.
In accordance with the U.S. Division of Justice, Stryzhak allegedly participated in ransomware assaults that focused high-revenue corporations, primarily in the USA, Norway, France, Switzerland, Germany, and the Netherlands.
In June 2021, Stryzhak allegedly grew to become an affiliate of the Nefilim ransomware operation in alternate for 20% of any ransom funds he generated from assaults.
Stryzhak and his co-conspirators researched potential targets utilizing on-line platforms to assemble details about an organization’s income, dimension, and get in touch with particulars. One of many extra standard websites utilized by ransomware gangs to analysis targets is Zoominfo.
“In a single alternate with Stryzhak in or about July 2021, a Nefilim administrator inspired him to focus on corporations in these international locations with greater than $200 million in annual income,” reads the DOJ’s press launch.
When conducting assaults, Nefilim associates breach company networks, steal knowledge, after which encrypt units utilizing the ransomware encryptor. The attackers then demand a ransom fee in bitcoin to obtain the decryption key and for stolen knowledge to not be leaked. If a sufferer refuses to pay, the attackers publish the stolen knowledge on-line on knowledge leak websites.
The Nefilim ransomware launched in 2020, sharing a lot of its code with the Nemty ransomware. The ransomware encrypted information utilizing AES-128 encryption and appended the “.NEFILIM” file extension to encrypted information.
Ransom notes named “NEFILIM-DECRYPT.txt” had been created all through the gadget’s file system, warning that stolen knowledge could be leaked inside seven days if negotiations weren’t began.
Supply: BleepingComputer
Nefilim is believed to have later rebranded below different names, together with Fusion, Milihpen, Gangbang, Nemty, and Karma.
Some corporations hit by Nefilim assaults embrace Toll Group, Orange, and Whirlpool.
Stryzhak is charged with conspiracy to commit fraud and associated exercise, together with extortion, in reference to computer systems. The indictment was unsealed in federal court docket in Brooklyn, the place Stryzhak is scheduled for arraignment earlier than U.S. Justice of the Peace Choose Robert M. Levy.
If convicted, Stryzhak faces as much as 5 years in jail.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and how you can defend in opposition to them.
