Conti ransomware affiliate pleads guilty in the US

 


A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges linked to the notorious Conti ransomware operation.

According to the US Department of Justice, 44-year-old Oleksii Oleksiyovych Lytvynenko admitted to conspiracy to commit wire fraud for his role in Conti ransomware attacks carried out between 2021 and 2022.

Prosecutors said Lytvynenko participated in attacks that infiltrated victim networks, stole sensitive data, and encrypted systems to extort Bitcoin ransom payments. Lytvynenko also admitted to helping develop a loader used to deploy malware while working with a team operated by another Conti member.

The Conti ransomware group was one of the most prolific cybercrime organizations in the world, targeting hospitals, businesses, schools, and government agencies. Court records indicate the group attacked more than 1,000 victims globally and collected over $150 million in ransom payments.

Lytvynenko was arrested in Ireland in July 2023 and later extradited to the United States, where he faces a maximum sentence of 20 years in prison.

Conti, which evolved from the Ryuk cybercrime group and maintained close ties to the TrickBot malware syndicate, disbanded in 2022 after internal communications were leaked and law enforcement pressure intensified. Security experts believe former members later joined or formed several other ransomware groups, including BlackCat, Black Basta, and Hive.

In a separate case, a suspected Russian hacker, Denis Obrezko, has been extradited from Thailand to the United States and charged with helping facilitate cyberattacks linked to the Russia-aligned hacking group known as Void Blizzard.

US authorities allege that the group conducted a large-scale cyber espionage campaign targeting organizations in NATO countries and Ukraine, including government, defense, healthcare, and media sectors.

The FBI says at least 11 US companies were compromised, and it has linked Obrezko to cryptocurrency payments used to purchase servers and domains that supported the attacks. He appeared in federal court in Boston and is being held without bond.
