Nefilim ransomware extortion campaign targeting high-revenue businesses
Campaign
Summary
Developments in the Nefilim ransomware campaign now include the U.S. Department of Justice charging Volodymyr Viktorovich Tymoshchuk for allegedly serving as an administrator of the operation. Prosecutors say he provided affiliates access to Nefilim in exchange for 20 percent of ransom proceeds, linking the campaign to a repeatable affiliate-driven extortion model. The campaign remains focused on high-revenue businesses, targeted with tailored intrusion and leak pressure, while the new legal action adds a concrete operator identity and an enforcement response.
Related Happenings
Interpol Operation Ramz cybercrime crackdown in MENA
Law Enforcement
First: 18.05.2026 17:00
Last: 18.05.2026 17:00
Sources 1
About this happening:
**INTERPOL**'s **Operation Ramz** led to **more than 200 arrests** across the **Middle East and North Africa**, with law enforcement also identifying **382 additional suspects** i...
Tampa medical device company hit by ransomware attack linked to BlackCat (ALPHV)
Incident
First: 01.05.2026 10:47
Last: 01.05.2026 10:47
Sources 1
About this happening:
A **Tampa medical device company** suffered a **ransomware intrusion** in **May 2023** that encrypted its servers and triggered a **$10 million** ransom demand. The company later...
Albanian scam call centers investment-fraud campaign
Campaign
First: 30.04.2026 13:00
Last: 30.04.2026 13:00
Sources 1
About this happening:
A **two-year investment-fraud campaign** tied to **Albanian scam call centers** has been disrupted after **10 arrests**, revealing a coordinated operation that allegedly stole **a...
BlackCat campaign expands across multiple victims
Campaign
First: 22.04.2026 14:00
Last: 22.04.2026 14:00
Sources 1
About this happening:
The **BlackCat** ransomware operation ran a **multi-victim extortion campaign** against **US organizations** between **April and November 2023**, creating sustained ransom pressur...
Latest development: 01.05.2026 14:30
Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for helping the BlackCat/ALPHV ransomware gang conduct attacks against multiple U.S. organizations during 2023. Prosecutors said the pair worked alongside Angelo Martino, paid BlackCat administrators a 20% share of ransom payments, and in one case received a Bitcoin ransom worth $1.2m while also leaking patient data from a healthcare victim.
Ilya Angelov sentencing in BitPaymer botnet case
Law Enforcement
First: 25.03.2026 10:47
Last: 25.03.2026 10:47
Sources 1
About this happening:
**Ilya Angelov** was sentenced to **two years in prison** for managing a phishing botnet tied to **BitPaymer ransomware** attacks against **72 U.S. companies**. The sentence close...
Timeline
- 22.12.2025 11:46 · 2 articles · 5mo ago
Initial report: Nefilim ransomware extortion campaign targeting high-revenue businesses
Initial Disclosure
In **June 2021**, access to the Nefilim code was traded for **20% of ransom payments**, creating a repeatable affiliate-driven extortion workflow. The first phase focused on building target lists from company revenue and contact data before deploying tailored malware.
Sources:
- Ukrainian hacker admits affiliate role in Nefilim ransomware gang — www.bleepingcomputer.com — 22.12.2025 11:46
- INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty — thehackernews.com — 23.12.2025 13:35
- 09.09.2025 19:08 · 1 article · 8mo ago
U.S. Department of Justice charges Volodymyr Viktorovich Tymoshchuk over Nefilim ransomware operation
Legal Policy Action Update
The U.S. Department of Justice unsealed charges against Ukrainian national Volodymyr Viktorovich Tymoshchuk for serving as administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. Prosecutors say he provided affiliates access to Nefilim in exchange for 20 percent of ransom proceeds, and the U.S. Department of State's Transnational Organized Crime Rewards Program offered up to $11 million for information leading to his location, arrest, or conviction.
Sources:
- US charges admin of LockerGoga, MegaCortex, Nefilim ransomware — www.bleepingcomputer.com — 09.09.2025 19:08