Ukrainian national pleads guilty to role in Conti ransomware operation
Ukrainian national pleads guilty to conspiracy charges in Conti ransomware operation.
Summary
A Ukrainian national, Oleksii Oleksiyovych Lytvynenko, has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. He admitted to deploying ransomware, stealing data, and coding malware for attacks that targeted over 1,000 victims globally and extorted more than $150 million. Lytvynenko was extradited from Ireland to the U.S. after his arrest in July 2023.
Full text
By Lawrence Abrams, June 12, 2026, 01:54 PM
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation.
The U.S. Department of Justice announced Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware attacks conducted between 2021 and 2022.
According to prosecutors, Lytvynenko and his co-conspirators deployed Conti ransomware on victim networks in the United States and abroad, stealing data and encrypting devices to extort Bitcoin ransom payments.
According to the DOJ, Lytvynenko admitted to joining the Conti conspiracy in approximately September 2021 and possessing data stolen from eight U.S. victims and four overseas victims. He also admitted to joining a team run by another Conti conspirator, where he worked on coding a "loader," a type of malware used to load software needed to carry out attacks.
The Conti ransomware operation was one of the most prolific cybercrime groups active at the time, targeting hospitals, businesses, schools, and government agencies worldwide. Court documents state that Conti targeted more than 1,000 victims worldwide and collected over $150 million in ransom payments.
The guilty plea follows Lytvynenko's extradition from Ireland to the United States after his arrest in July 2023. Lytvynenko now faces a maximum sentence of 20 years in prison.
The Conti ransomware gang emerged from the Ryuk cybercrime group and was closely tied to the TrickBot malware syndicate. The group became notorious for large-scale attacks against healthcare organizations, governments, and enterprises before shutting down in 2022, following the leak of its internal chats and increased law enforcement pressure.
Security researchers believe former Conti members later splintered into other ransomware groups, including BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group.
In September 2023, the U.S. and the United Kingdom also sanctioned and charged nine Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations for attacks against more than 900 victims worldwide.
Indicators of Compromise
- malware — Conti
- malware — Ryuk
- malware — TrickBot
- malware — BlackCat
- malware — Black Basta
- malware — ZEON
- malware — Hive
- malware — Quantum
- malware — BlackByte
- malware — Karakurt
- malware — Silent Ransom Group