Find notable cyber news and cases, enriched with sources, timelines, and signals.

Nefilim ransomware extortion campaign targeting high-revenue businesses

Campaign
First reported
Last updated
Happening score
H score 79
2 unique sources, 3 articles

Summary

Hide ▲

A Nefilim ransomware campaign now includes the U.S. Department of Justice charging Volodymyr Viktorovich Tymoshchuk for allegedly serving as an administrator of the operation. Prosecutors say he provided affiliates access to Nefilim in exchange for 20 percent of ransom proceeds, linking the campaign to a repeatable affiliate-driven extortion model. The happening remains focused on high-revenue businesses targeted with tailored intrusion and leak pressure, while the new legal action adds a concrete operator identity and enforcement response.

Related Happenings

Conti campaign expands across multiple victims

Campaign
H score38 First: 12.06.2026 20:54 Last: 12.06.2026 20:54 Sources 1

About this happening: The **Conti ransomware operation** ran as a large-scale **2021-2022** extortion campaign that **stole data** and **encrypted devices** to pressure victims into paying **Bitcoin**....

Europol-led AudiA6 crypto-laundering takedown

Law Enforcement
H score29 First: 11.06.2026 18:55 Last: 11.06.2026 18:55 Sources 1

About this happening: **Law enforcement** dismantled **AudiA6**, a **cryptocurrency laundering service** used by **ransomware gangs** and other cybercriminal networks, in a **June 10, 2026** multinatio...

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion

Threat Actor Meta
H score21 First: 07.06.2026 17:09 Last: 07.06.2026 17:09 Sources 1

About this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...

Silent Ransom Group US law firm IT impersonation campaign

Campaign
H score36 First: 29.05.2026 16:00 Last: 29.05.2026 16:00 Sources 1

About this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...

Timeline

  1. 22.12.2025 11:46 2 articles · 6mo ago

    Initial report: Nefilim ransomware extortion campaign targeting high-revenue businesses

    Initial Disclosure

    In **June 2021**, access to the Nefilim code was traded for **20% of ransom payments**, creating a repeatable affiliate-driven extortion workflow. The first phase focused on building target lists from company revenue and contact data before deploying tailored malware.

    Show sources
  2. 09.09.2025 19:08 1 articles · 10mo ago

    U.S. Department of Justice charges Volodymyr Viktorovich Tymoshchuk over Nefilim ransomware operation

    Legal Policy Action Update

    The U.S. Department of Justice unsealed charges against Ukrainian national Volodymyr Viktorovich Tymoshchuk for serving as administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. Prosecutors say he provided affiliates access to Nefilim in exchange for 20 percent of ransom proceeds, and the U.S. Department of State's Transnational Organized Crime Rewards Program offered up to $11 million for information leading to his location, arrest, or conviction.

    Show sources