$10 million bounty issued by US DOJ for ransomware kingpin responsible for $18 billion of damage

  • US offers $10M for arrest of ransomware suspect Volodymyr Tymoshchuk
  • His group caused $18B in damage, including Norsk Hydro’s $80M loss
  • Europol-led global probe led to arrests and mapped the gang’s structure

The US Department of Justice (DoJ) just placed a bounty on a cybercriminal suspected of a “series” of cyberattacks around the world.

The reward is $10 million and will be paid out to anyone who provides enough information to result in his arrest.

The suspect’s name is Volodymyr Tymoshchuk, a 28-year-old Ukrainian. He is believed to be the mastermind behind the deployment of LockerGoga ransomware, which infected “hundreds of companies”. According to the EU Most Wanted website, his group caused more than $18 billion in damage worldwide.

Previous arrests

Europol said in its press release that Tymoshchuk and his group were also responsible for the 2019 ransomware attack against a “major Norwegian aluminium company”. In underground criminal circles, he is known as Deadforz, Boba, Farnetwork, Msfv, and Volotmsk.

The European law enforcement agency also said that the identification of the suspect came after a complex international investigation, which included operations in France, Germany, Norway, Switzerland, Ukraine, the United Kingdom, and the United States. Both Europol and Eurojust (European Union Agency for Criminal Justice Cooperation) participated as well.

While the hunt for Tymoshchuk is on, a few alleged members of his crew have already been arrested in Ukraine. This, Europol further stresses, helped the police map out the structure of the group and identify key individuals, including malware developers, intrusion specialists, and money launderers.

In mid-March 2019 Norsk Hydro, one of the world’s largest aluminium producers based in Norway, fell victim to a highly disruptive LockerGoga attack that encrypted thousands of endpoints, including corporate and industrial systems. Numerous facilities were impacted, including those in Norway, the US, Brazil, Qatar, and others. Reports at the time said up to 22,000 computers across 170 sites were impacted.

The financial fallout was significant. Losses in the first quarter were estimated at 300–350 million NOK (between $35 million and $41 million), with additional operational costs mounting in the weeks and months that followed.

By mid-2019, Norsk Hydro itself estimated the total cost of the attack across all business areas to be around 800 million NOK ($80 million).

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
