The Department of Justice on Tuesday charged Ukrainian national Volodymyr Tymoshchuk, accused of carrying out hundreds of ransomware attacks on U.S. and international companies.
Known online as “deadforz,” “Boba,” “msfv,” and “farnetwork,” he allegedly extorted more than 250 U.S. firms and hundreds worldwide. Tymoshchuk remains at large.
“Tymoshchuk is a serial ransomware criminal who targeted blue-chip American companies, health care institutions, and large foreign industrial firms, and threatened to leak their sensitive data online if they refused to pay,” United States Attorney Joseph Nocella Jr. said in an official statement. “For a time, the defendant stayed ahead of law enforcement by deploying new strains of malicious software when his old ones were decrypted. Today’s charges reflect international coordination to unmask and charge a dangerous and pervasive ransomware actor who can no longer remain anonymous.”
A federal indictment in New York alleges that from December 2018 to October 2021, Tymoshchuk and co-conspirators used Nefilim, LockerGoga, and MegaCortex ransomware to infiltrate and encrypt networks of hundreds of companies in the U.S. and abroad, causing significant losses through ransom payments and recovery costs.
The State Department’s Bureau of International Narcotics and Law Enforcement Affairs is offering up to $10 million through the Transnational Organized Crime Rewards Program for information leading to Tymoshchuk’s arrest or conviction anywhere in the world.
Today, @TheJusticeDept announced charges against Volodymyr Viktorovich Tymoshchuk, a serial ransomware criminal who targeted hundreds of companies in the U.S. and around the globe. These attacks caused millions of dollars in losses, which included damage to victim computer… pic.twitter.com/j9VAaUTpEs
— FBI (@FBI) September 9, 2025
