Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

Ukrainian Artem Stryzhak (35) pleaded guilty in the U.S. for Nefilim ransomware attacks; he was arrested in Spain in 2024, extradited in April 2025.

A 35-year-old Ukrainian, Artem Aleksandrovych Stryzhak, pleaded guilty in the U.S. over his role in Nefilim ransomware attacks. The Ukrainian citizen was arrested in Spain in 2024 and extradited to the US in April 2025. He pleaded guilty to conspiracy to commit computer fraud and faces up to 10 years in prison, with sentencing set for May 2026.

“Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks.” reads the DoJ’s press release. “Stryzhak, a Ukrainian citizen, was arrested in Spain in June 2024 and extradited to the United States on April 30, 2025. When sentenced, Stryzhak faces up to 10 years’ imprisonment. His co-conspirator, Volodymyr Tymoshchuk, remains at large and is the subject of a $11 million reward offered by the United States Department of State.”

Nefilim ransomware was used to encrypt networks worldwide, including in the Eastern District of New York, causing millions in losses from ransom payments and system damage. Attackers employed a customized ransomware executable in each attack, generating unique decryption keys and tailored ransom notes for victims. In June 2021, Nefilim administrators granted Artem Stryzhak access to the ransomware code in exchange for 20% of his ransom proceeds; he deployed the ransomware via his account on the administrators’ online platform.

“Nefilim’s preferred ransomware targets were companies located in the United States, Canada, or Australia with more than $100 million in annual revenue.” continues the report. “Stryzhak and others researched the companies to which they gained unauthorized access, including by using online databases to gather information about the victim companies’ net worth, size, and contact information.”

Stryzhak and co-conspirators researched victims using online databases to collect information on their net worth, size, and contacts. After gaining network access, they stole data to pressure companies into ransom payments. Nefilim notes warned that stolen data would be posted on publicly accessible “Corporate Leaks” sites maintained by the administrators if victims did not comply.

Volodymyr Tymoshchuk, Stryzhak’s co-defendant and Nefilim admin, is a serial ransomware cybercriminal who is still at large. The U.S. offers up to $11M for info on him or co-conspirators.

“The defendant used Nefilim ransomware to target high-revenue companies in the United States, steal data, and extort victims,” stated Joseph Nocella, Jr., United States Attorney for the Eastern District of New York. “The defendant’s conviction demonstrates that our Office will ensure that criminals are held accountable for the cyber havoc they wreak on society. We remain determined to capture Stryzhak’s codefendant and partner in crime, Volodymyr Tymoshchuk, and bring him to justice in a U.S. courtroom.”

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)