Ransomware | Jun 15, 2026

Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges

Ukrainian national pleads guilty in US court to Conti ransomware charges.

Summary

A Ukrainian national, Oleksii Oleksiyovych Lytvynenko, has pleaded guilty in a US court for his involvement with the Conti ransomware group. He admitted to developing malware loaders and possessing data from 12 victims. Authorities suspect he continued cybercriminal activities after Conti's shutdown, and he faces up to 20 years in prison.

Full text

A Ukrainian national pleaded guilty in a US court to his role in the notorious Conti ransomware group, the Department of Justice announced.

The man, Oleksii Oleksiyovych Lytvynenko, 44, of Cork, Ireland, was arrested in Ireland in 2023 and was extradited to the US in October 2025 to face Conti-related charges.

Lytvynenko admitted in court to joining the Conti operation in September 2021 and working on the development of a malware loader for the group. He also admitted to possessing data from 12 victims, including eight in the US.

Authorities in the US believe that the Ukrainian national continued to engage in cybercriminal activities after the Conti operation shut down.

Lytvynenko pleaded guilty to wire fraud conspiracy and faces up to 20 years in prison. He is scheduled for sentencing on September 10, 2026.

One of the most prolific ransomware groups half a decade ago, Conti was used in attacks against over 1,000 organizations in the US and abroad between 2020 and 2022.

The ransomware gang is estimated to have received at least $150 million in ransom payments by January 2022, and was shut down in May 2022 after it pledged support for the Russian government, which led to internal data being leaked.

The Conti operation was linked to numerous other malware families, including TrickBot, which was also associated with Bazarloader, SystemBC, IcedID, Ryuk, and Diavol.

In June 2025, the German authorities named Russian national Vitaly Nikolaevich Kovalev as the TrickBot gang’s founder and leader.

“Lytvynenko’s guilty plea is a significant step toward holding cyber criminals accountable for the damage they inflict on victims worldwide. Lytvynenko profited from fear and coercion, conspiring to use Conti ransomware to extort victims and steal their data,” Assistant Director Brett Leatherman of the FBI’s Cyber Division said.
Written By Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.

Indicators of Compromise

  • malware — Conti
  • malware — TrickBot
  • malware — Bazarloader
  • malware — SystemBC
  • malware — IcedID
  • malware — Ryuk
  • malware — Diavol

Entities

Conti (threat_actor)