The US Department of State is offering up to $11 million for information leading to the arrest of Volodymyr Tymoshchuk, accused of deploying ransomware that targeted hospitals, companies, and major industrial firms

US federal prosecutors have unsealed a superseding indictment charging a Ukrainian national for his alleged role in international ransomware schemes that targeted hundreds of organizations, including healthcare institutions.

The indictment charges Volodymyr Tymoshchuk with deploying the LockerGoga, MegaCortex, and Nefilim ransomware variants between December 2018 and October 2021. The attacks encrypted computer networks and caused tens of millions of dollars in losses from system damage and ransom payments across the US, France, Germany, and other countries, according to a release from the US Attorney’s Office, Eastern District of New York. Tymoshchuk is not currently in US custody.

The attacks allegedly resulted in the complete disruption of business operations for some victims until their data could be recovered. The US Department of State’s Transnational Organized Crime (TOC) Rewards Program is now offering a reward of up to $11 million for information leading to Tymoshchuk’s arrest or conviction.

“Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay,” says Joseph Nocella, Jr, United States attorney for the Eastern District of New York, in a release. “Today’s charges reflect international coordination to unmask and charge a dangerous and pervasive ransomware actor who can no longer remain anonymous.”

Attack Methods and Technical Details

According to the indictment, the conspirators gained initial access to victim networks through various methods, including using hacking tools to...