A Ukrainian man accused of joining a global ransomware scheme has been brought to the U.S. to face charges. Artem Stryzhak was extradited from Spain after his 2024 arrest and now stands accused of launching targeted attacks on large companies using Nefilim ransomware.
U.S. prosecutors say Stryzhak began working with the Nefilim gang in mid-2021. He allegedly joined their ransomware-as-a-service (RaaS) platform, receiving access to the malware in exchange for 20% of any ransom paid by victims.
Nefilim first appeared in March 2020 and quickly became known for attacking high-revenue firms. The group’s victims span the U.S., Canada, Australia, and much of Europe, including Germany, France, and the Netherlands. It mainly targets businesses with over $200 million in yearly revenue.
Stryzhak, investigators claim, picked his targets carefully. He researched companies in aviation, construction, chemicals, oil and gas, insurance, and even eyewear. After breaking into their networks, he and his partners stole sensitive data. They then threatened to leak the files unless a ransom was paid.
Each attack was customized. Victims received unique ransom notes and decryption keys. These tactics made the threats harder to detect and more damaging for companies that refused to pay.
The indictment says these attacks caused millions in damages. That includes both ransom payments and costs tied to system outages and data loss.
U.S. Attorney John J. Durham called the case a warning to cybercriminals. He stated that even foreign hackers will be held accountable. “The defendant joined a global scheme to target major American companies. He stole their data and tried to extort money. Today’s extradition proves we will pursue justice no matter where cybercriminals hide.”
If convicted, Stryzhak could face up to five years in prison for conspiracy and fraud.
This case is part of a growing crackdown on international ransomware gangs. Law enforcement agencies are focusing more on RaaS models that allow attackers to work remotely and split profits with developers.
