Ukrainian national pleads guilty in connection with Conti ransomware
A Ukrainian national pleaded guilty to conspiracy to commit wire fraud in connection with the deployment of Conti ransomware, which targeted more than 1,000 victims worldwide.
According to the U.S. Department of Justice, 44-year-old Oleksii Oleksiyovych Lytvynenko joined the Conti conspiracy in or around September 2021 and possessed data stolen from eight U.S. victims and four overseas victims.
“Lytvynenko further admitted to joining a team run by a Conti conspirator during which time Lytvynenko was directed to work on coding a ‘loader,’ which is typically a type of malware, or malicious software, that is used to load programs necessary to execute other malicious attacks,” prosecutors said.
The conspiracy involved breaching victim networks, encrypting files and using stolen data to pressure organizations into paying ransoms. Between 2020 and 2022, the ransomware operation targeted victims in 47 U.S. states, Puerto Rico, the District of Columbia and 31 countries.
The FBI estimates the attacks generated at least $150 million in ransom payments by January 2022.
“Lytvynenko’s guilty plea is a significant step toward holding cyber criminals accountable for the damage they inflict on victims worldwide,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “Lytvynenko profited from fear and coercion, conspiring to use Conti ransomware to extort victims and steal their data.”
Lytvynenko is scheduled to be sentenced on September 10, 2026, and faces up to 20 years in prison.
Conti emerged in 2020 and became one of the world’s most active ransomware operations, targeting healthcare organizations, government agencies, educational institutions and businesses. Although the group ceased operating under its original name in 2022, researchers believe former members moved into other ransomware and cybercrime operations.
The case follows a May sentencing in which U.S. authorities handed a 102-month prison term to another former member of the Conti ransomware group.