A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation.
The U.S. Department of Justice announced Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware attacks conducted between 2021 and 2022.
According to prosecutors, Lytvynenko and his co-conspirators deployed Conti ransomware on victim networks in the United States and abroad, stealing data and encrypting devices to extort Bitcoin ransom payments.
According to the DOJ, Lytvynenko admitted to joining the Conti conspiracy in approximately September 2021 and possessing data stolen from eight U.S. victims and four overseas victims.
He also admitted to joining a team run by another Conti conspirator, where he worked on coding a “loader,” a type of malware used to load software needed to carry out attacks.
The Conti ransomware operation was one of the most prolific cybercrime groups active at the time, targeting hospitals, businesses, schools, and government agencies worldwide.
Court documents state that Conti targeted more than 1,000 victims worldwide and collected over $150 million in ransom payments.
The guilty plea follows Lytvynenko’s extradition from Ireland to the United States after his arrest in July 2023. Lytvynenko now faces a maximum sentence of 20 years in prison.
The Conti ransomware gang emerged from the Ryuk cybercrime group and was closely tied to the TrickBot malware syndicate.
The group became notorious for large-scale attacks against healthcare organizations, governments, and enterprises before shutting down in 2022, following the leak of its internal chats and increased law enforcement pressure.
Security researchers believe former Conti members later splintered into other ransomware groups, including BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group.
In September 2023, the U.S. and the United Kingdom also sanctioned and charged nine Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations for attacks against more than 900 victims worldwide.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
