A Ukrainian national, Oleksii Oleksiyovych Lytvynenko, 43, was extradited from Ireland to the United States and appeared in court in the Middle District of Tennessee. He faces charges related to his alleged involvement in a conspiracy to deploy Conti ransomware, which targeted computers and networks by encrypting data and demanding ransom payments.
Court documents indicate that between 2020 and June 2022, Lytvynenko and others are accused of using Conti ransomware to extort victims and steal data. The indictment alleges that the conspirators hacked into victims’ computer systems, encrypted their files, and demanded payment for restoration of access as well as non-disclosure of stolen information. According to prosecutors, over $500,000 in cryptocurrency was extorted from two victims in Tennessee, with stolen data from a third victim published online.
Conti ransomware has reportedly been used against more than 1,000 victims worldwide. These include targets across nearly all U.S. states, the District of Columbia, Puerto Rico, and approximately 31 other countries. The FBI estimates that as of January 2022, Conti attacks have resulted in at least $150 million in ransom payments. In 2021 alone, Conti was responsible for more attacks on critical infrastructure than any other known ransomware variant. Prosecutors also allege that Lytvynenko managed stolen data from multiple victims and played a role in deploying ransom notes.
Lytvynenko was arrested by Irish police at the request of U.S. authorities in July 2023. He remained detained during extradition proceedings until his recent transfer to the United States. Authorities allege he continued cybercrime activities up until just days before his arrest.
“The defendant allegedly participated in a conspiracy to extort approximately $150 million in ransomware payments responsible for defrauding victims in almost every U.S. state and from over two dozen countries worldwide,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “Ransomware is a significant threat to the safety, security, and prosperity of American citizens and business. The Department will continue to pursue ransomware actors all over the world in its efforts to hold them to account for the damage they have inflicted on victims.”
“We will continue to work diligently to hold ransomware actors accountable for their actions which victimize American businesses and harm Tennesseans,” said Acting United States Attorney Robert E. McGuire. “I commend the prosecutors and investigators who have worked hard and sought justice for years in this investigation, and we look forward to proving our case in court.”
“Lytvynenko conspired to deploy Conti ransomware against victims in the United States and across the globe, extorting millions in cryptocurrency and amassing a trove of stolen data,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “His extradition demonstrates the strength of our partnership with Irish law enforcement and the FBI’s commitment to counter cyber criminals who threaten American infrastructure. We urge every organization to remain vigilant and quickly report ransomware intrusions to your local FBI field office.”
Lytvynenko faces charges including computer fraud conspiracy (maximum penalty: five years) and wire fraud conspiracy (maximum penalty: twenty years).
In September 2023, an indictment charging four additional individuals connected with Conti was unsealed by authorities in Tennessee.
The investigation is being led by several FBI field offices—Nashville, San Diego, El Paso—as well as by the U.S. Secret Service.
Prosecution is being handled by Trial Attorney Sonia V. Jimenez from the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS), alongside Assistant U.S. Attorney Taylor Phillips from Tennessee.
The Justice Department’s Office of International Affairs coordinated Lytvynenko’s extradition with support from Irish authorities and assistance from the U.S Embassy in Ireland.
CCIPS coordinates investigations into cybercrime with domestic partners as well as international agencies; since 2020 it has achieved convictions against more than 180 cybercriminals while securing orders returning over $350 million lost by victims.
An indictment is not proof of guilt; all defendants are presumed innocent unless proven otherwise beyond reasonable doubt.
