Ryuk ransomware’s initial access expert extradited to the U.S.

A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States.

The suspect is a 33-year-old foreign man who was arrested in April 2025 at his home in Kyiv at the request of the FBI. He was extradited to the United States yesterday, June 18.

In 2023, the Ukrainian cyber police, the National Police, and international law enforcement partners began investigating a ransomware operation whose members carried out attacks on companies in France, Norway, Germany, the Netherlands, Canada, and the USA.

This operation led to the identification and arrest of multiple cybercriminals residing in Ukraine, along with the seizure of devices, for their involvement in the LockerGoga, MegaCortex, Hive, and Dharma ransomware families.

In an announcement, Ukraine’s National Police says the investigation also allowed it to identify a Ryuk ransomware member who specialized in gaining access to corporate networks and then handing it off to other members to steal data and deploy the ransomware.

“Through the analysis of the information obtained as a result of the investigative actions, it was possible to additionally identify a 33-year-old member of the group who was engaged in searching for vulnerabilities in the corporate networks of the victim companies,” reads the announcement.

“The data obtained by the hacker was used by his accomplices to plan and carry out cyberattacks.”

While the name of the 33-year-old man is currently unknown, Ukraine says that the suspect was previously placed on an international wanted list by the FBI and was charged with numerous crimes by the United States.

The Ryuk ransomware gang was active between 2018 and the middle of 2020, during which time it was responsible for numerous attacks on organizations across almost all sectors, including healthcare during the COVID pandemic.

In 2020, the ransomware gang rebranded as the Conti ransomware operation, which became one of the most active gangs at the time.

In 2022, the Conti ransomware gang shut down, splintering into numerous groups, with some still active today.

Researchers previously tracked ransom payments to the cybercrime operation and estimate that Ryuk earned $150 million while active.

BleepingComputer contacted the Department of Justice with questions about the extradition and will update the story if we receive a response.
