Earlier today in federal court in Brooklyn, a Ukrainian national, Artem Stryzhak, was charged with conspiracy to commit fraud and related activity in connection with computers. This charge stems from his alleged involvement in international attacks using the Nefilim ransomware. Stryzhak was arrested in Spain in June 2024 and extradited to the United States on April 30, 2025. His arraignment is scheduled to take place before United States Magistrate Judge Robert M. Levy.
United States Attorney for the Eastern District of New York, John J. Durham, and FBI Special Agent in Charge, Christopher J.S. Johnson, made the announcement regarding the charges. Attorney Durham stated, "As alleged, the defendant was part of an international ransomware scheme in which he conspired to target high-revenue companies in the United States, steal data, and hold data hostage in exchange for payment. If victims did not pay, the criminals then leaked the data online." He emphasized that the extradition and charges demonstrate the reach of American justice.
The Justice Department’s Office of International Affairs, Computer Crime and Intellectual Property Section, the FBI’s New York Field Office, and the Government of Spain were acknowledged by Durham for their assistance in the arrest and extradition process.
Special Agent Johnson remarked, "The FBI has long recognized that combating international ransomware schemes requires strong partnerships. The successful extradition of the defendant is a significant achievement in that ongoing collaboration and it sends a clear message: those who attempt to hide behind international borders to target American citizens will face justice."
The indictment alleges that the Nefilim ransomware was used to encrypt computer networks globally, causing substantial financial losses. The group typically customized the ransomware for each victim to create unique decryption keys and ransom notes. Victims who paid received decryption keys to unlock their files.
Stryzhak allegedly gained access to the Nefilim ransomware code in exchange for a share of the ransom proceeds. It is claimed he operated through an online platform, the "panel," and discussed using a different username to evade detection. Preferred targets of the ransomware included companies in the United States, Canada, or Australia, with over $100 million in annual revenue.
With network access, Stryzhak and his associates allegedly stole data to extort ransomware payments, threatening to publish it on "Corporate Leaks" websites if their demands were not met.
The indictment's charges are allegations, and Stryzhak is presumed innocent until proven guilty. If convicted, he faces a potential sentence of up to five years in prison.
The case is managed by the National Security and Cybercrime Section, with Assistant United States Attorneys Alexander F. Mindlin and Ellen H. Sise from the Eastern District of New York, and Brian Mund from the Computer Crime and Intellectual Property Section leading the prosecution with Paralegal Specialist Rebecca Roth's assistance.
