A Ukrainian national linked to the Nefilim ransomware operation has pleaded guilty in a U.S. federal court. The case marks an important step in global efforts to hold ransomware criminals accountable. Authorities say the accused played a direct role in carrying out ransomware attacks. The plea confirms insider involvement in the Nefilim group.

The individual, Artem Aleksandrovych Stryzhak, is 35 years old and acted as an affiliate of the ransomware operation. Affiliates are responsible for breaking into company networks and deploying malware. Stryzhak admitted that he knowingly participated in these criminal activities. He worked with others in exchange for a share of the ransom profits.

Court records show that Stryzhak joined the Nefilim operation around June 2021. He received access to the ransomware tools from the group’s administrators. In return, he agreed to pay roughly 20 percent of each ransom to the operators. This profit-sharing model is common in ransomware schemes.

Once involved, Stryzhak customized ransomware attacks for individual victims. He generated unique malware files, encryption keys, and ransom messages for each target. This made recovery difficult without paying the ransom. The approach increased pressure on companies to comply with demands.

The attacks focused mainly on large organizations with high annual revenues. Victims were primarily based in the United States, along with companies in Canada and Australia. Investigators say targets were carefully researched before attacks were launched. The goal was to select victims capable of paying large sums.

The Nefilim group also used data-leak threats as part of its extortion strategy. When victims refused to pay, attackers threatened to publish stolen data online. This tactic was meant to cause reputational and financial damage. It added another layer of pressure during negotiations.

Stryzhak was arrested in Spain in June 2024 following an international investigation. He was extradited to the United States in April 2025 to face federal charges. In a Brooklyn federal court, he pleaded guilty to conspiracy involving computer fraud. The plea reflects his direct role in the ransomware attacks.

Stryzhak faces a maximum sentence of ten years in prison. His sentencing hearing is scheduled for May 6, 2026. U.S. authorities say investigations into ransomware groups are ongoing. Officials stress that cybercriminals will be pursued regardless of where they operate.
