Eastern District of New York Ukrainian National Extradited from Spain to Face Conspiracy to Use Ransomware Charge United States Department of Justice
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppEarlier today in federal court in Brooklyn a superseding indictment was unsealed charging Artem Stryzhak with conspiracy to commit fraud and related activity including extortion in connection with computers for his role in a series of international attacks using the Nefilim ransomware Stryzhak a Ukrainian citizen was arrested in Spain in June 2024 and extradited to the United States on April 30 2025 The arraignment will be held later today before United States Magistrate Judge Robert M LevyppJohn J Durham United States Attorney for the Eastern District of New York and Christopher JS Johnson Special Agent in Charge Federal Bureau of Investigation Springfield Illinois Field Office FBI announced the chargesppAs alleged the defendant was part of an international ransomware scheme in which he conspired to target highrevenue companies in the United States steal data and hold data hostage in exchange for payment If victims did not pay the criminals then leaked the data online stated United States Attorney Durham The criminals who carry out these malicious cyberattacks often do so from abroad in the belief that American justice cannot reach them The extradition of the defendant and todays charges prove that they are wrongppMr Durham also thanked the Justice Departments Office of International Affairs Computer Crime and Intellectual Property Section the FBIs New York Field Office and the Government of Spain for their crucial assistance in securing the arrest and extradition from Spain of StryzhakppThe FBI has long recognized that combating international ransomware schemes requires strong partnerships stated FBI Special Agent in Charge Johnson The successful extradition of the defendant is a significant achievement in that ongoing collaboration and it sends a clear message those who attempt to hide behind international borders to target American citizens will face justiceppAs alleged in the superseding indictment Nefilim ransomware was deployed to encrypt computer networks in countries around the world including in the Eastern District of New York These ransomware attacks caused millions of dollars in losses both from ransomware payments and damage to victim computer systems The perpetrators of Nefilim typically customized the ransomware executable file for each victim creating a unique decryption key and customized ransom notes If the victims paid the ransom demand the perpetrators sent the decryption key enabling the victims to decrypt the computer files locked by the ransomware programppIn June 2021 Nefilim administrators gave Stryzhak access to the Nefilim ransomware code in exchange for 20 percent of his ransom proceeds He operated the ransomware through his account on the online Nefilim platform known as the panel When he first obtained access to the panel Stryzhak asked a coconspirator whether he should choose a different username from the one he used in other criminal activities in case the panel gets hacked into by the fedsppNefilims preferred ransomware targets were companies located in the United States Canada or Australia with more than 100 million in annual revenue Stryzhak and others researched the companies to which they gained unauthorized access including by using online databases to gather information about the victim companies net worth size and contact information In one exchange with Stryzhak in or about July 2021 a Nefilim administrator encouraged him to target companies in these countries with more than 200 million in annual revenueppAfter gaining sufficient access to the victims networks Stryzhak and his coconspirators stole data in furtherance of their scheme to extort ransom payments from them Nefilim ransom notes typically threatened the victims that unless they came to an agreement with the ransomware actors the stolen data would be published on publicly accessible Corporate Leaks websites which were maintained by Nefilim administratorsppThe charges in the indictment are allegations and the defendant is presumed innocent unless and until proven guilty If convicted of the charge Stryzhak faces up to five years imprisonmentppThe governments case is being handled by the Offices National Security and Cybercrime Section Assistant United States Attorneys Alexander F Mindlin and Ellen H Sise of the Eastern District of New York and Trial Attorney Brian Mund of the Computer Crime and Intellectual Property Section are in charge of the prosecution with assistance from Paralegal Specialist Rebecca RothppThe DefendantppARTEM ALEKSANDROVYCH STRYZHAKAge 35Barcelona Spain EDNY Docket No 23CR324 PKCppJohn MarzulliDenise Taylor United States Attorneys Office718 2546323ppThis morning in federal court in Central Islip David Ibarra was arraigned on an indictment charging him with sexual exploitation of a child coercion and enticement Ibarra an activeduty seniorppThe defendant preyed on the EgyptianAmerican Coptic Christian community by falsely promising that his purported artificial intelligencedriven hedge fund would earn guaranteed annual returns of 30 or more and takingppAn indictment was unsealed today in federal court in Brooklyn charging Andean Medjedovic with wire fraud computer hacking and attempted extortion for stealing approximately 65 million in cryptocurrency from theppEastern District of New York
Main Office
271 Cadman Plaza East
Brooklyn NY 11201ppTelephone 7182547000
Fax Line 7182547508ppStay ConnectedppppHave a question about Government Servicesp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock
Lock
Locked padlock
or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppEarlier today in federal court in Brooklyn a superseding indictment was unsealed charging Artem Stryzhak with conspiracy to commit fraud and related activity including extortion in connection with computers for his role in a series of international attacks using the Nefilim ransomware Stryzhak a Ukrainian citizen was arrested in Spain in June 2024 and extradited to the United States on April 30 2025 The arraignment will be held later today before United States Magistrate Judge Robert M LevyppJohn J Durham United States Attorney for the Eastern District of New York and Christopher JS Johnson Special Agent in Charge Federal Bureau of Investigation Springfield Illinois Field Office FBI announced the chargesppAs alleged the defendant was part of an international ransomware scheme in which he conspired to target highrevenue companies in the United States steal data and hold data hostage in exchange for payment If victims did not pay the criminals then leaked the data online stated United States Attorney Durham The criminals who carry out these malicious cyberattacks often do so from abroad in the belief that American justice cannot reach them The extradition of the defendant and todays charges prove that they are wrongppMr Durham also thanked the Justice Departments Office of International Affairs Computer Crime and Intellectual Property Section the FBIs New York Field Office and the Government of Spain for their crucial assistance in securing the arrest and extradition from Spain of StryzhakppThe FBI has long recognized that combating international ransomware schemes requires strong partnerships stated FBI Special Agent in Charge Johnson The successful extradition of the defendant is a significant achievement in that ongoing collaboration and it sends a clear message those who attempt to hide behind international borders to target American citizens will face justiceppAs alleged in the superseding indictment Nefilim ransomware was deployed to encrypt computer networks in countries around the world including in the Eastern District of New York These ransomware attacks caused millions of dollars in losses both from ransomware payments and damage to victim computer systems The perpetrators of Nefilim typically customized the ransomware executable file for each victim creating a unique decryption key and customized ransom notes If the victims paid the ransom demand the perpetrators sent the decryption key enabling the victims to decrypt the computer files locked by the ransomware programppIn June 2021 Nefilim administrators gave Stryzhak access to the Nefilim ransomware code in exchange for 20 percent of his ransom proceeds He operated the ransomware through his account on the online Nefilim platform known as the panel When he first obtained access to the panel Stryzhak asked a coconspirator whether he should choose a different username from the one he used in other criminal activities in case the panel gets hacked into by the fedsppNefilims preferred ransomware targets were companies located in the United States Canada or Australia with more than 100 million in annual revenue Stryzhak and others researched the companies to which they gained unauthorized access including by using online databases to gather information about the victim companies net worth size and contact information In one exchange with Stryzhak in or about July 2021 a Nefilim administrator encouraged him to target companies in these countries with more than 200 million in annual revenueppAfter gaining sufficient access to the victims networks Stryzhak and his coconspirators stole data in furtherance of their scheme to extort ransom payments from them Nefilim ransom notes typically threatened the victims that unless they came to an agreement with the ransomware actors the stolen data would be published on publicly accessible Corporate Leaks websites which were maintained by Nefilim administratorsppThe charges in the indictment are allegations and the defendant is presumed innocent unless and until proven guilty If convicted of the charge Stryzhak faces up to five years imprisonmentppThe governments case is being handled by the Offices National Security and Cybercrime Section Assistant United States Attorneys Alexander F Mindlin and Ellen H Sise of the Eastern District of New York and Trial Attorney Brian Mund of the Computer Crime and Intellectual Property Section are in charge of the prosecution with assistance from Paralegal Specialist Rebecca RothppThe DefendantppARTEM ALEKSANDROVYCH STRYZHAKAge 35Barcelona Spain EDNY Docket No 23CR324 PKCppJohn MarzulliDenise Taylor United States Attorneys Office718 2546323ppThis morning in federal court in Central Islip David Ibarra was arraigned on an indictment charging him with sexual exploitation of a child coercion and enticement Ibarra an activeduty seniorppThe defendant preyed on the EgyptianAmerican Coptic Christian community by falsely promising that his purported artificial intelligencedriven hedge fund would earn guaranteed annual returns of 30 or more and takingppAn indictment was unsealed today in federal court in Brooklyn charging Andean Medjedovic with wire fraud computer hacking and attempted extortion for stealing approximately 65 million in cryptocurrency from theppEastern District of New York
Main Office
271 Cadman Plaza East
Brooklyn NY 11201ppTelephone 7182547000
Fax Line 7182547508ppStay ConnectedppppHave a question about Government Servicesp
