The US authorities have taken custody of a 33-year-old man believed to have worked as an initial access broker (IAB) for the notorious Ryuk ransomware operation.
The Office of the Prosecutor General of Ukraine confirmed the extradition in a Telegram post yesterday.
“Thanks to coordinated cooperation, Ukrainian law enforcement officers detained a foreigner in Kyiv in April 2025 at the request of the United States,” it noted.
“By decision of the Solomyanskyi District Court of Kyiv, he was placed under extradition arrest.”
It’s unclear what nationality the man is. However, Ukraine’s National Police revealed in a press release also dated yesterday that he was identified thanks to forensic analysis of equipment seized in a previous raid back in November 2023.
In that operation – jointly carried out by Ukraine and US, French, Norwegian, Dutch and German officers, as well as representatives of Europol and Eurojust – investigators targeted a prolific ransomware affiliate group.
Five were arrested, including the alleged ringleader, for crimes linked to the encryption of 250 servers belonging to large organizations in 71 countries. They are said to have deployed the LockerGoga, MegaCortex, Hive and Dharma ransomware variants.
Officers conducted over 80 searches in Ukraine and seized crypto assets worth more than half a million dollars, as well as luxury cars and land covering almost 12 hectares.
The extradited individual has been linked to the Ryuk ransomware operation, which subsequently rebranded as Conti. Together, the groups are thought to have made hundreds of millions in profits.
“Thanks to the analysis of the information obtained as a result of investigative actions, it was possible to additionally identify a 33-year-old member of the group who was engaged in searching for vulnerabilities in the corporate networks of the victim enterprises,” said Ukraine’s National Police.
“The data obtained by the hacker was used by his accomplices to plan and carry out cyber-attacks.”
Ryuk was one of the most prolific strains of ransomware during its active years between 2018 and 2020, making an estimated $150m from victims. It infamously targeted hospitals during the pandemic, complicating efforts to treat COVID-19 patients.