
A Ukrainian national suspected of participating in ransomware attacks involving the Nefilim malware has recently been extradited to the United States. According to the Department of Justice, 35-year-old Artem Oleksandrovych Stryzhak was apprehended in Spain in June 2024 and transferred to U.S. custody on April 30, 2025. He is expected to appear before a federal court in Brooklyn in the coming days.
Stryzhak stands accused of taking part in an extortion scheme that targeted large corporations with multimillion-dollar revenues. According to U.S. authorities, he joined a group associated with the Nefilim ransomware operation in mid-2021, receiving a cut of the ransoms successfully extracted from victims.
Court documents reveal that one of the primary criteria for selecting targets was an annual revenue exceeding \$200 million. Publicly available online platforms such as ZoomInfo were used to identify potential victims, assess the scale of their operations, and gather contact information.
Once inside a company’s internal network, the attackers would exfiltrate sensitive data and encrypt files across employee workstations. Victims would then receive ransom demands threatening to publish the stolen information unless payment—in cryptocurrency—was made. The demands were typically delivered via text files named “NEFILIM-DECRYPT.txt,” warning companies that they had only seven days to initiate negotiations before the data would be released publicly.
The Nefilim ransomware strain emerged in 2020, exhibiting notable similarities to an earlier malware variant known as Nemty. It employed AES-128 encryption, appending the “.NEFILIM” extension to compromised files. Over time, the group behind it is believed to have rebranded under various names, including Fusion, Milihpen, Gangbang, Nemty, and Karma.
Among the group’s known victims are prominent corporations such as Toll Group, Orange, and Whirlpool. Stryzhak has been formally charged with conspiracy to commit wire fraud and extortion involving computer systems. If convicted, he faces a sentence of up to five years in federal prison.