Ukrainian pleads guilty in Conti ransomware case

▼ Summary
– Ukrainian national Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in the Conti ransomware operation between 2021 and 2022.
– Lytvynenko admitted to joining the Conti conspiracy in September 2021 and possessing data stolen from eight U.S. and four overseas victims.
– He worked on coding a “loader” malware used to facilitate attacks as part of a team run by another Conti conspirator.
– Conti targeted over 1,000 victims worldwide, collecting more than $150 million in ransom payments from hospitals, businesses, schools, and government agencies.
– Lytvynenko faces up to 20 years in prison following his extradition from Ireland to the United States after his arrest in July 2023.
A Ukrainian national who was extradited from Ireland to the United States last year has entered a guilty plea for his involvement in the notorious Conti ransomware operation. The U.S. Department of Justice confirmed on Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko admitted to one count of conspiracy to commit wire fraud, stemming from attacks carried out between 2021 and 2022.
Prosecutors detailed that Lytvynenko and his associates deployed Conti ransomware on networks belonging to victims both in the United States and internationally. Their method involved stealing sensitive data and encrypting devices, then demanding Bitcoin ransom payments to restore access. According to the DOJ, Lytvynenko confessed to joining the Conti conspiracy around September 2021 and acknowledged possessing data pilfered from eight U. S. victims and four others abroad.
Lytvynenko also admitted to being part of a team under another Conti conspirator, where his work focused on coding a “loader.” This type of malware is designed to install the necessary software for executing attacks. The Conti ransomware group was among the most active cybercrime syndicates during its peak, targeting a wide array of entities including hospitals, businesses, schools, and government agencies globally.
Court records indicate that Conti struck over 1,000 victims worldwide, amassing more than $150 million in ransom payments. Lytvynenko’s guilty plea follows his arrest in July 2023 and subsequent extradition from Ireland. He now faces a maximum sentence of 20 years in prison.
The Conti gang evolved from the Ryuk cybercrime group and had strong ties to the TrickBot malware syndicate. The group gained infamy for its large-scale assaults on healthcare organizations, governments, and corporations. Its operations ceased in 2022 after internal chats were leaked and law enforcement pressure intensified.
Security experts believe that former Conti members later fragmented into other ransomware enterprises, including BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group. In September 2023, the U. S. and the United Kingdom jointly sanctioned and charged nine Russian nationals linked to the TrickBot and Conti operations for attacks targeting over 900 victims worldwide.
(Source: BleepingComputer)

