A Ukrainian nationwide has been extradited from Spain to america to face expenses over allegedly conducting Nefilim ransomware assaults towards corporations.
The suspect, Artem Aleksandrovych Stryzhak, 35, was arrested in Spain in June 2024 and extradited to the U.S. on April 30, 2025.
In line with the U.S. Division of Justice, Stryzhak allegedly participated in ransomware assaults that focused high-revenue corporations, primarily in america, Norway, France, Switzerland, Germany, and the Netherlands.
In June 2021, Stryzhak allegedly grew to become an affiliate of the Nefilim ransomware operation in change for 20% of any ransom funds he generated from assaults.
Stryzhak and his co-conspirators researched potential targets utilizing on-line platforms to assemble details about an organization’s income, dimension, and phone particulars. One of many extra in style websites utilized by ransomware gangs to analysis targets is Zoominfo.
“In a single change with Stryzhak in or about July 2021, a Nefilim administrator inspired him to focus on corporations in these nations with greater than $200 million in annual income,” reads the DOJ’s press launch.
When conducting assaults, Nefilim associates breach company networks, steal information, after which encrypt units utilizing the ransomware encryptor. The attackers then demand a ransom cost in bitcoin to obtain the decryption key and for stolen information to not be leaked. If a sufferer refuses to pay, the attackers publish the stolen information on-line on information leak websites.
The Nefilim ransomware launched in 2020, sharing a lot of its code with the Nemty ransomware. The ransomware encrypted information utilizing AES-128 encryption and appended the “.NEFILIM” file extension to encrypted information.
Ransom notes named “NEFILIM-DECRYPT.txt” had been created all through the system’s file system, warning that stolen information could be leaked inside seven days if negotiations weren’t began.
Supply: BleepingComputer
Nefilim is believed to have later rebranded below different names, together with Fusion, Milihpen, Gangbang, Nemty, and Karma.
Some corporations hit by Nefilim assaults embrace Toll Group, Orange, and Whirlpool.
Stryzhak is charged with conspiracy to commit fraud and associated exercise, together with extortion, in reference to computer systems. The indictment was unsealed in federal court docket in Brooklyn, the place Stryzhak is scheduled for arraignment earlier than U.S. Justice of the Peace Decide Robert M. Levy.
If convicted, Stryzhak faces as much as 5 years in jail.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and the way to defend towards them.
