Why The US Just Put An $11M Bounty On This Ukrainian Hacker

Volodymyr Tymoshchuk is a man who most people have never heard of, but the U.S. government recently placed an $11 million bounty on him. He is neither a weapons smuggler, nor a cartel boss. Rather, prosecutors claim that he is among the most active ransomware operators of the last 10 years, a person who allegedly helped destroy hospitals, power plants, and multinational corporations.

The Ukrainian national is being charged as the mastermind of attacks that have resulted in over $18 billion in losses across different companies around the world. Operating under aliases like "deadforz" and "Boba," it's alleged that he was the creator and operator of the tools that broke into networks, locked up private data, and demanded payment for its release. According to reports, some businesses paid millions. Others struggled to stay afloat while paralyzed for days.

Thanks to his involvement in seven different felonies, all of which carry a potential life sentence, U.S. Attorney Joseph Nocella Jr. has labeled Tymoshchuk as a "serial ransomware criminal." The size of the bounty really speaks to the gravity of the situation, and with the rise of ransomware and evolved cyberattacks, it's important that these crimes are being taken seriously.

A diverse portfolio of attacks

Cyberattacks using ransomware can have many crippling effects; they can even be the cause of cancelled flights around the world. While Tymoshchuk's attacks took a slightly different approach than typical cyberattacks, the effects were equally catastrophic. In 2019, Norwegian renewable energy giant Norsk Hydro was attacked by LockerGoga ransomware. The result? Nearly 170 facilities worldwide had production lines frozen. By the time it was all over, the company was looking at an $81 million hole in its books.

MegaCortex, another strain linked to Tymoshchuk, proved even harder to contain. What initially began as a weapon for targeting corporate networks spilled into ordinary people's PCs. All of a sudden, ordinary people became locked out of family photos and work files unless they paid. Cybersecurity experts eventually cracked parts of the code, but Tymoshchuk apparently responded by moving on to new ransomware families.

Come 2020, he decided to try something new. Rather than getting his own hands dirty, Tymoshchuk allegedly helped run a platform that rented out ransomware tools, where he would pocket 20% of whatever the users stole. The platform was known as Nefilim, and it provided what has been coined as "ransomware-as-a-service."

Law enforcement isn't giving up

For years, Tymoshchuk seemed untouchable, hiding behind layers of aliases, servers, and international borders. Law enforcement has not been standing still in the quest to bring him to justice and put an end to all different types of cyberattacks. Investigators in the U.S. and Europe came together to share intelligence and build countermeasures. The joint effort bore fruit in 2022, when they released free decryption keys to hundreds of companies whose files had been locked up by MegaCortex and LockerGoga.

Even so, the aftermath of the attacks still lingers. Hospitals had to delay treatments, manufacturers lost entire runs of production, and businesses spent millions rebuilding their compromised systems. The U.S. Department of State's Transnational Organized Crime unit has historically gone after groups like international arms and drug traffickers, and it is now clearly putting hackers like Tymoshchuk in the same category.

While the hefty $11 million reward is ultimately about catching the culprit, it's also symbolic of just how seriously these crimes are being taken. And with Tymoshchuk's alleged co-conspirator already facing trial in New York, authorities are betting that someone, somewhere, will see the bounty and decide to help bring him in.
