$11 Million Bounty Unleashed in Global Cyber Manhunt
The U.S. Department of Justice (DoJ) has announced a $11 million bounty for Volodymyr Viktorovich Tymoshchuk, a Ukrainian hacker accused of stealing $18 billion from 250 companies worldwide.
Tymoshchuk—known by aliases deadforz, Boba, msfv, and farnetwork—allegedly orchestrated cyberattacks that paralyzed healthcare systems, disrupted manufacturers, and shook blue-chip firms. He now faces seven federal charges and could spend life in prison if convicted.
The Ransomware Legacy
Between 2018 and 2021, Tymoshchuk is said to have overseen three major ransomware strains:
- LockerGoga – Famously brought down Norwegian energy giant Norsk Hydro, causing $81 million in damages across 170 sites. It locked employees out of systems and halted production lines overnight.
- MegaCortex – Initially aimed at corporations but later spread into personal PCs. It reset Windows passwords, encrypted files, and threatened to leak sensitive data if victims refused to pay.
- Nefilim – Tymoshchuk’s later scheme, leased to affiliates in return for a 20% cut of each ransom. It specifically targeted $100M+ companies, stealing data and threatening public release.
These attacks froze files, locked out businesses, and forced companies into multimillion-dollar payouts.
Related topic: AI Safety cannot be ignored. Read about Datumo’s AI Safety Vision.
Authorities Fight Back
Despite the scale of his crimes, law enforcement often disrupted Tymoshchuk’s plans. Many extortion attempts failed because investigators warned companies early. And in September 2022, decryption keys for LockerGoga and MegaCortex were publicly released through the No More Ransomware Project, helping victims recover their files without paying millions.
Targeting the Biggest Fish
Court documents reveal Tymoshchuk deliberately went after wealthy corporations:
- Firms with $100M+ annual revenue – These were prime targets, seen as both vulnerable and able to pay.
- Companies in the U.S., Canada, and Australia – Geographies chosen for their high concentration of wealthy enterprises.
- Push for $200M+ firms in 2021 – Tymoshchuk encouraged partners to target even larger corporations for bigger ransoms.
- Silent infiltration with Metasploit and Cobalt Strike – His crew lurked inside networks for months before striking, ensuring maximum impact.
This strategy allowed him to demand huge ransom payouts while inflicting maximum fear and disruption.
$11 Million Reward Sends a Global Message
U.S. Attorney Joseph Nocella Jr. labeled Tymoshchuk a “serial ransomware criminal” who could no longer hide in the shadows. Acting Assistant Attorney General Matthew R. Galeotti added that these prosecutions show America’s “determination to relentlessly pursue these criminals, no matter where they are located.”
For the FBI, the $11 million bounty is not just a price on one hacker—it’s a warning to cybercriminals worldwide that hiding behind the anonymity of the internet won’t keep them safe.
Closing Note
The chase for Volodymyr Tymoshchuk isn’t just about one man. It’s a symbol of how ransomware has evolved into a global threat capable of draining billions and paralyzing industries overnight. With a $11 million bounty on his capture, the U.S. has made one thing clear: the era of faceless hackers operating without consequences is ending.
