A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States.
The suspect is a 33-year-old foreign man who was arrested in April 2025 in his home in Kyiv at the request of the FBI. He was extradited to the United States yesterday, June 18.
In 2023, the Ukrainian cyber police, the National Police, and international law enforcement partners began investigating a ransomware operation whose members carried out attacks on companies in France, Norway, Germany, the Netherlands, Canada, and the USA.
This operation led to the identification, seizure of devices, and arrest of multiple cybercriminals residing in Ukraine for their involvement in the LockerGoga, MegaCortex, Hive, and Dharma ransomware families.
In an announcement, Ukraine's National Police says the investigation also allowed them to identify a Ryuk ransomware member who specialized in gaining access to corporate networks and then handing it off to other members to steal data and deploy the ransomware.
"Through the analysis of the information obtained as a result of the investigative actions, it was possible to additionally identify a 33-year-old member of the group who was engaged in searching for vulnerabilities in the corporate networks of the victim companies," reads the announcement.
"The data obtained by the hacker was used by his accomplices to plan and carry out cyberattacks."
While the name of the 33-year-old man is currently unknown, Ukraine says that the suspect was previously placed on an international wanted list by the FBI and was charged with numerous crimes by the United States.
The Ryuk ransomware gang was active between 2018 and the middle of 2020, when it was responsible for numerous attacks on organizations across almost all sectors, including healthcare during the Covid pandemic.
In 2020, the ransomware gang rebranded as the Conti ransomware operation, which became one of the most active gangs at the time.
In 2022, the Conti ransomware gang shut down, splintering into numerous groups, with some still active today.
Researchers previously tracked ransom payments to the cybercrime operation and estimate that Ryuk earned $150 million while active.
BleepingComputer contacted the Department of Justice with questions about the extradition and will update the story if we receive a response.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now