Artem Stryzhak, a Ukrainian national, pleaded guilty in federal court in Brooklyn to conspiracy to commit fraud and related activity involving computers. The charges are connected to his role in a series of international ransomware attacks. Stryzhak was arrested in Spain in June 2024 and extradited to the United States on April 30, 2025. He faces up to 10 years in prison at sentencing. His co-conspirator, Volodymyr Tymoshchuk, remains at large, with the U.S. Department of State offering an $11 million reward for information leading to his arrest or conviction.
The announcement was made by Joseph Nocella, Jr., United States Attorney for the Eastern District of New York; Matthew R. Galeotti, Acting Assistant Attorney General of the Justice Department’s Criminal Division; and Christopher J.S. Johnson, Special Agent in Charge at the FBI’s Springfield, Illinois Field Office.
“The defendant used Nefilim ransomware to target high-revenue companies in the United States steal data, and extort victims,” stated United States Attorney Nocella. “The defendant’s conviction demonstrates that our Office will ensure that criminals are held accountable for the cyber havoc they wreak on society. We remain determined to capture Stryzhak’s codefendant and partner in crime, Volodymyr Tymoshchuk, and bring him to justice in a U.S. courtroom.”
Nocella thanked the FBI’s New York Field Office for its contributions to the investigation as well as the Justice Department’s Office of International Affairs and Computer Crime and Intellectual Property Section, along with Spanish law enforcement authorities.
“Cybercriminals may hide behind screens, but they leave digital footprints everywhere,” stated FBI Springfield Special Agent in Charge Johnson. “The FBI follows these digital trails relentlessly - across networks, borders, and time - until those responsible are held accountable. Today is a remarkable accomplishment, but we will not stop until we have captured all those responsible for the Nefilim ransomware.”
According to prosecutors, Nefilim ransomware was used globally—including within the Eastern District of New York—to encrypt computer networks. These attacks led to millions of dollars in losses through ransom payments and damage to systems. The perpetrators typically customized each attack with unique decryption keys and ransom notes.
In June 2021, Stryzhak received access to Nefilim ransomware code from administrators in exchange for 20 percent of his ransom proceeds. He operated through an account on an online platform run by Nefilim administrators.
Preferred targets were companies based in the United States, Canada or Australia with annual revenues exceeding $100 million. Stryzhak and others researched their targets using online databases before gaining unauthorized access.
Once inside victim networks, Stryzhak and co-conspirators stole data as part of their extortion scheme. Ransom notes threatened publication of stolen data on “Corporate Leaks” websites if payment demands were not met.
Tymoshchuk is described as an administrator of Nefilim and linked with multiple ransomware strains. The State Department has offered up to $11 million for information leading to his arrest or conviction or that of other co-conspirators.
Anyone with information about these individuals can contact the FBI via phone or email or reach out through local field offices or U.S embassies abroad.
The case is being handled by the National Security and Cybercrime Section at the U.S Attorney's Office for the Eastern District of New York—an office that prosecutes federal crimes across Brooklyn, Queens, Staten Island, Nassau County and Suffolk County (official website). The office also supports community outreach efforts (official website) while representing civil matters throughout its district (official website).
Assistant United States Attorneys Alexander F. Mindlin and Ellen H. Sise along with Trial Attorney Brian Mund are prosecuting this case with assistance from Paralegal Specialist Rebecca Roth.
Stryzhak is 35 years old and resided in Barcelona prior to extradition.
