Multiple companies worldwide (250+ in United States)

Case #966
Source: FBI Wanted · Updated Mar 15, 2026
International; suspected Eastern Europe
Federal Bureau of Investigation (FBI); United States District Court, Eastern District of New York
Cold Case · Open
2 years waiting · since 2024

VOLODYMYR VIKTOROVYCH TYMOSHCHUK

Justice for Multiple companies worldwide (250+ in United States) — the trail went cold in 2024, but the truth hasn't.

Start here

Key leads to think about

Lead #1 (suspect): What is Tymoshchuk's current location given his known ties to Poland, Romania, Moldova, Turkey, Russia, and Belarus?

Lead #2 (evidence): What specific ransom demands and payment methods were used across the three ransomware variants?

Lead #3 (clue): Who were the identified co-conspirators in the ransomware operations, and have they been apprehended?

Volodymyr Viktorovych Tymoshchuk is an alleged ransomware administrator who, from December 2018 through October 2021, deployed LockerGoga, MegaCortex, and Nefilim ransomware variants to compromise hundreds of companies worldwide, including over 250 U.S. firms, to extort ransom payments. A federal arrest warrant was issued on May 7, 2024, in the Eastern District of New York after charges were filed for conspiracy, unauthorized computer access, and extortion threats. Tymoshchuk remains at large with suspected ties to Eastern Europe and Russia, making his apprehension critical to disrupting ongoing cybercriminal operations.

More leads to consider

Beyond the top three above — each detail below could be the thread that pulls this case open.

Lead #4 (contact): How can organizations that were victimized report additional evidence or ransom communications?

Official wording

Source Narrative

Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Intentional Damage to a Protected Computer; Unauthorized Access to a Protected Computer; Transmitting a Threat to Disclose Confidential Information

Caution: Volodymyr Viktorovych Tymoshchuk is an alleged ransomware administrator of at least three different ransomware variants. From December of 2018, through October of 2021, Tymoshchuk and his co-conspirators allegedly deployed LockerGoga, MegaCortex, and Nefilim ransomware, which compromised the computer networks of hundreds of companies around the world, including more than 250 companies in the United States, in order to extort ransom payments from the victim companies.

On May 7, 2024, a federal arrest warrant was issued for Tymoshchuk in the United States District Court, Eastern District of New York, Brooklyn, New York, after he was charged with two counts of Conspiracy to Commit Fraud and Related Activity in Connection with Computers; multiple counts of Intentional Damage to a Protected Computer; Unauthorized Access to a Protected Computer; and Transmitting a Threat to Disclose Confidential Information.

Remarks: Tymoshchuk has ties to Poland, Romania, Moldova, Türkiye, Russia, and Belarus.

Timeline of Events

2018-12-01 · Ransomware campaign begins
Tymoshchuk and co-conspirators begin deploying LockerGoga ransomware against corporate networks

2021-10-31 · Campaign concludes
Last known deployment of Nefilim ransomware by Tymoshchuk and associates

2024-05-07 · Federal arrest warrant issued
Warrant issued in U.S. District Court, Eastern District of New York, Brooklyn for multiple cybercrime charges

Case Information

Incident: December 1, 2018
Last Updated: May 11, 2026

Up to $10,000,000 Reward

For information leading to the resolution of this case
