The Conti ransomware group rose to prominence a few years ago through its frequent and damaging attacks on healthcare organizations, governments, and companies. Emerging from the Ryuk gang and closely linked to the TrickBot malware and botnet operation, it entered its final throes in 2022 under increased law enforcement pressure and following a leak of its internal conversations.
Now the full weight of justice is about to fall on one of its members. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian citizen, has pleaded guilty to conspiracy to commit wire fraud for his involvement in the infamous Conti ransomware operation. The hacker had previously been extradited from Ireland to the U.S.
The cybercriminal helped carry out cyberattacks between 2021 and 2022, during which victims’ systems were encrypted, data was stolen, and ransoms were demanded in Bitcoin from different organizations in the U.S. and other countries.
Lytvynenko, a resident of Cork (Ireland), worked with other Conti members to hack victims’ networks, encrypt their files and systems, and demand hefty sums of money in exchange for returning access and preventing data leaks.
This hacker has admitted to joining the gang in September 2021. He has also admitted to possessing stolen data from multiple U.S. and foreign victims.
Lytvynenko has not denied his work in developing malware components, including a loader, which is used to load programs necessary to execute other malicious attacks.
A continuous bloodletting
The Department of Justice indicates in a press release that the Conti ransomware variant managed to infect a thousand computers and networks globally.
The agency claims that between 2020 and 2022, Conti attacks impacted 47 U.S. states, the District of Columbia, Puerto Rico, and 31 countries. According to FBI estimates, as of January 2022, about $150 million had been paid in ransoms.
“Lytvynenko’s guilty plea represents an important step toward holding cybercriminals accountable for the harm they inflict on victims worldwide,” stated Brett Leatherman, Deputy Assistant Director of the FBI’s Cyber Division.
“Lytvynenko took advantage of fear and coercion, conspiring to use Conti ransomware to extort victims and steal their data. This case demonstrates that the FBI and our partners will relentlessly pursue those responsible for cybercrimes, regardless of where they operate, and bring them to justice,” he added.
