A 43-year-old Ukrainian national allegedly involved in the Conti ransomware group pleaded not guilty in federal court Thursday to cybercrime charges that could land him in prison for up to 25 years, according to court documents.
Oleksii Oleksiyovych Lytvynenko, also known as Alexsey Alexseevich Litvinenko, was arrested in Ireland in July 2023 and extradited to the United States earlier this month. He remains in federal custody in Tennessee, where at least three of his alleged victims are based.
Lytvynenko left Ukraine in 2022 and obtained temporary protective status in Ireland, residing in Cork at the time of his arrest. He and his Conti co-conspirators are accused of infiltrating victims’ computer networks, stealing and encrypting data, and demanding ransoms to restore data access and prevent data leaks.
Lytvynenko and his co-conspirators used Conti ransomware to attack more than 1,000 victims globally, ensnaring victims in 47 states, Washington, Puerto Rico and about 31 countries, according to the Justice Department. The FBI estimates Conti extorted more than $150 million in ransom payments from victims.
“Lytvynenko conspired to deploy Conti ransomware against victims in the United States and across the globe, extorting millions in cryptocurrency and amassing a trove of stolen data,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement. “His extradition demonstrates the strength of our partnership with Irish law enforcement and the FBI’s commitment to counter cyber criminals who threaten American infrastructure.”
Conti was among the most prolific ransomware groups globally for a time. It hit hundreds of critical infrastructure providers and Costa Rica’s government in 2022, and ultimately led the State Department to offer a $10 million reward for information related to Conti’s leaders. The group was notoriously resilient, bouncing back with new infrastructure and hitting new targets after a massive leak exposed chats between the group’s members in 2022.
Conti disbanded later that year, but members of the Cyrillic-language group rebranded under three subgroups: Zeon, Black Basta and Quantum, which quickly rebranded to Royal, before rebranding again to BlackSuit in 2024.
Lytvynenko and his co-conspirators allegedly extorted about $634,000 in Bitcoin in 2020 and 2021 from two victims in Tennessee, according to an unsealed indictment in the U.S. District Court for the Middle District of Tennessee. One of those victims was an undisclosed government entity, and the attack on it resulted in the compromise of a sheriff’s department, local emergency medical services and a local police department.
Prosecutors allege Lytvynenko and his co-conspirators leaked data they stole from another Tennessee-based victim, an undisclosed business, after it refused to pay a $3 million ransom demand.
Four of Lytvynenko’s alleged co-conspirators — Maksim Galochkin, Maksim Rudenskiy, Mikhail Mikhailovich Tsarev and Andrey Yuryevich Zhuykov — were indicted in 2023 in the same federal court for crimes related to their suspected involvement in Conti attacks from 2020 to 2022.
Lytvynenko was allegedly engaged in cybercrime up until days before his arrest, and prosecutors accuse him of controlling data stolen from multiple Conti victims. He was also involved in ransom notes deployed on victims’ systems, according to the indictment.
Prosecutors said Lytvynenko remained engaged in cybercrime after Conti broke up. At the time of his arrest, Lytvynenko “was asleep but within arms’ reach of an open laptop running Cobalt Strike,” prosecutors said in the indictment.
Irish police told the FBI the Cobalt Strike instances were connected to active intrusions into victim networks, and his laptop also had open chat applications discussing ongoing cyberattacks, according to the indictment.
Officials secured Lytvynenko’s extradition to the U.S. after he exhausted his appeals in Ireland. Prosecutors argued he poses a substantial flight risk and danger to the community. Lytvynenko waived his right to a detention hearing during his initial court appearance Thursday, but he reserves the right to request a detention hearing at a later date.
He is charged with computer fraud conspiracy and wire fraud conspiracy.
“Ransomware is a significant threat to the safety, security, and prosperity of American citizens and business,” Matthew R. Gelotti, acting assistant attorney general, said in a statement. “The department will continue to pursue ransomware actors all over the world in its efforts to hold them to account for the damage they have inflicted on victims.”
The post Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail appeared first on CyberScoop.
Oleksii Lytvynenko, 43, was arrested in Ireland in 2023 and extradited to the U.S. earlier this month. He pleaded not guilty in federal court Thursday.
