The New York State District Court heard the guilty plea of 35-year-old Artem Strizhak. A person of Ukrainian origin is accused of carrying out extortion attacks using hired Windows Nefilim malware.
According to case documents, the actor gained access to the Nefilim ransomware in June 2021. According to the terms of the agreement, he had to give its owner 20% of each ransom paid by the victim to return the data.
The targets of the attacks are mainly companies with annual revenue over $100 million, based in the United States, Canada and Australia. For each victim, a custom build and ransom note as well as a unique key to decrypt files will be generated.
After entering the target network, the attackers conducted reconnaissance to gather information and evaluate the victim's financial capabilities. If after encrypting the file she refuses to pay, then the author of the attack threatens to publish the stolen data.
Strizhak's arrest took place in June 2024 in Spain (at that time he lived in Barcelona). In late April 2025, he was transferred to the United States as a defendant in a computer fraud conspiracy case.
If the defendant is convicted, he faces up to 10 years in prison. Sentencing is set for May 6, 2026.
US authorities also put Strizhak's accomplice, Vladimir Tymoshchuk, on the wanted list. For information leading to his arrest, the Americans were willing to pay up to $11 million.
