A Ukrainian national has been extradited from Ireland to the United States to face charges related to his alleged involvement in deploying Conti ransomware. Oleksii Oleksiyovych Lytvynenko, 43, who had been residing in Cork, Ireland, appeared for the first time in the Middle District of Tennessee following his extradition.
Court documents state that between 2020 and June 2022, Lytvynenko conspired with others to use Conti ransomware to extort victims and steal data. The group allegedly hacked into computer networks, encrypted data, and demanded ransoms for restoring access and withholding public disclosure of stolen information. Prosecutors claim that more than $500,000 in cryptocurrency was extorted from two victims in the Middle District of Tennessee alone, with information from a third victim published online.
The Conti ransomware is reported to have affected over 1,000 victims globally. These include targets in nearly every U.S. state as well as several foreign countries. According to FBI estimates as of January 2022, Conti attacks resulted in at least $150 million paid out by victims. In 2021, this variant was used against more critical infrastructure targets than any other ransomware type.
Lytvynenko was arrested by Irish police at the request of U.S. authorities in July 2023 and detained pending extradition proceedings that concluded this month. Court filings allege he continued cybercriminal activity up until days before his arrest.
“The defendant allegedly participated in a conspiracy to extort approximately $150 million in ransomware payments responsible for defrauding victims in almost every U.S. state and from over two dozen countries worldwide,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “Ransomware is a significant threat to the safety, security, and prosperity of American citizens and business. The Department will continue to pursue ransomware actors all over the world in its efforts to hold them to account for the damage they have inflicted on victims.”
“We will continue to work diligently to hold ransomware actors accountable for their actions which victimize American businesses and harm Tennesseans,” said Acting United States Attorney Robert E. McGuire. “I commend the prosecutors and investigators who have worked hard and sought justice for years in this investigation, and we look forward to proving our case in court.”
“Lytvynenko conspired to deploy Conti ransomware against victims in the United States and across the globe, extorting millions in cryptocurrency and amassing a trove of stolen data,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “His extradition demonstrates the strength of our partnership with Irish law enforcement and the FBI’s commitment to counter cyber criminals who threaten American infrastructure. We urge every organization to remain vigilant and quickly report ransomware intrusions to your local FBI field office.”
Lytvynenko faces charges including computer fraud conspiracy (maximum penalty five years) and wire fraud conspiracy (maximum penalty twenty years). In September 2023, four other individuals were indicted as part of this ongoing investigation into Conti conspirators.
The case is being investigated by multiple FBI field offices along with assistance from the U.S. Secret Service. Prosecution is led by attorneys from both the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS) and the Middle District of Tennessee.
The Justice Department’s Office of International Affairs coordinated Lytvynenko's extradition with help from Irish authorities and support from the U.S Embassy in Ireland.
Since 2020, CCIPS has secured convictions against over 180 cybercriminals worldwide while obtaining court orders returning more than $350 million stolen from victims.
An indictment is an allegation; all defendants are presumed innocent unless proven guilty beyond a reasonable doubt.
