INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Extradited Ukrainian Man Admits Conti Ransomware Attacks
| 2026-06-13 14:31 CRITICAL HIGHExecutive Summary AI-generated
The Conti ransomware operation, one of the most damaging cybercrime groups active during the pandemic years, has led to a string of high-profile cases in the United States. Ukrainian nationals have been implicated in multiple instances, including extradition from Ireland and guilty pleas for conspiracy to commit wire fraud. The US Department of Justice has targeted these individuals with its Operation Riptide campaign, aiming to disrupt cybercrime actors' infrastructure and financial networks. As part of this effort, several Ukrainians have pleaded guilty to deploying ransomware gangs like Conti, highlighting the complexity and reach of modern-day cyber threats.
Technical Mitigations AI-generated
• Loader: A loader is a malicious tool used to install or run other malicious tools needed for further attacks in ransomware operations. It's commonly used by Conti members to code and execute their malware.
• Ransom note: The Conti ransomnote contains the group's demands, threats, and instructions for victims who refuse to pay the ransom. It often includes information about stolen data if the victim refuses to comply.
• Cryptographic techniques: Prosecutors mentioned that Conti used a familiar ransomware model involving compromising victim networks, encrypting files, stealing data, and making ransom demands. This suggests the use of various cryptographic techniques for encryption and decryption purposes in their malware operations.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation RiptideOperation Riptide
ContiContiALPHVALPHVBlackCatBlackCat
Target & Sectors
NORTH_AMERICA
NORTH_AMERICA
governmentgovernment
legallegal
Incident Timeline
September 2021
Lytvynenko admitted that he joined the Conti conspiracy in September 2021 and worked with a member to code a "loader".
January 2022
The FBI used Conti ransomware attacks to target victims in 47 US states, the District of Columbia, Puerto Rico, and 31 foreign countries.
Click on any entity below to view its context and source!
attribution
FBI
The FBI estimates that by January 2022, victims had paid at least $150 million in ransom demands linked to the malware.
financial
$150 victims
The FBI estimates that by January 2022, victims had paid at least $150 million in ransom demands linked to the malware.
organisation
the Justice Department
Conti ransomware gang’s ransom note
In its
press release
, the Justice Department said Conti ransomware attacks had targeted victims in 47 US states, the District of Columbia, Puerto Rico, and 31 foreign countries.
2025/06/13
The FBI reported that Americans lost over $20 billion in cybercrime losses last year, a 26 percent increase from the prior year.
Click on any entity below to view its context and source!
attribution
FBI
According to the FBI, Americans reported more than $20 billion in cybercrime losses last year, a 26 percent increase from the prior year.
financial
$20 Americans
According to the FBI, Americans reported more than $20 billion in cybercrime losses last year, a 26 percent increase from the prior year.
general_metric
26 percent
According to the FBI, Americans reported more than $20 billion in cybercrime losses last year, a 26 percent increase from the prior year.
October 2025
Ukrainian man admitted to role in Conti ransomware attacks following his extradition from Ireland.
Click on any entity below to view its context and source!
December 2025
Artem Aleksandrovych Stryzhak, a Ukrainian national, pleaded guilty in December 2025 to deploying Nefilim ransomware as part of a global extortion scheme targeting companies.
Click on any entity below to view its context and source!
tactic
Ransomware
In December 2025, two Americans, Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas,
pleaded guilty
in a Florida federal court to carrying out a series of extortion attacks for the ALPHV, also known as BlackCat, ransomware gang during 2023.
target_region
Georgia
In December 2025, two Americans, Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas,
pleaded guilty
in a Florida federal court to carrying out a series of extortion attacks for the ALPHV, also known as BlackCat, ransomware gang during 2023.
tactic
Extortion
In December 2025, two Americans, Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas,
pleaded guilty
in a Florida federal court to carrying out a series of extortion attacks for the ALPHV, also known as BlackCat, ransomware gang during 2023.
malware
ALPHV
In December 2025, two Americans, Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas,
pleaded guilty
in a Florida federal court to carrying out a series of extortion attacks for the ALPHV, also known as BlackCat, ransomware gang during 2023.
malware
BlackCat
In December 2025, two Americans, Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas,
pleaded guilty
in a Florida federal court to carrying out a series of extortion attacks for the ALPHV, also known as BlackCat, ransomware gang during 2023.
between 2020 and 2022
The Conti ransomware attack was used between 2020 and 2022 to target more than 1,000 computers in the United States.
Click on any entity below to view its context and source!
target_region
United States
According to the US Department of Justice, Conti was used between 2020 and 2022 to attack more than 1,000 computers and networks.
malware
Conti
According to the US Department of Justice, Conti was used between 2020 and 2022 to attack more than 1,000 computers and networks.
organisation
the US Department of Justice
According to the US Department of Justice, Conti was used between 2020 and 2022 to attack more than 1,000 computers and networks.
general_metric
1,000 computers
According to the US Department of Justice, Conti was used between 2020 and 2022 to attack more than 1,000 computers and networks.
September 10, 2026
The US government's efforts to identify and prosecute people linked to ransomware gangs, including Operation Riptide, continue with a scheduled sentencing for Ukrainian man Konstantin Lytvynenko.
Tactical Metrics
Metrics
financial
20,000,000,000
Americans
Click for context!
According to the FBI, Americans reported more than $20 billion in cybercrime losses last year, a 26 percent increase from the prior year.
Metrics
financial
150,000,000
Victims
The FBI estimates that by January 2022, victims had paid at least $150 million in ransom demands linked to the malware.
Intelligence Sources
HackRead
2026-06-13
HackRead
2026-06-13
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Incident Version History
CURRENT VERSION
Last Updated: 2026-06-29T06:07
Comprehensive Tactical Telemetry
Highly Correlated Entities
9x
timeline
Temporal Reference
October 2025
date
6x
target region
Target Country
Ireland
country
4x
organisation
Identified Entity
Hackread.com
entity
3x
malware
Malware Payload
Conti
tool
2x
tactic
Cyber Operation Type
Ransomware
tactic
2x
industry
Targeted Sector
Government
sector
Contextual Telemetry
Context Block
9 METRICS
general metric
Computers
1,000
computers
general metric
Us States
47
us states
general metric
Foreign Countries
31
foreign countries
source region
Origin Country
United States
country
campaign
Campaign
Operation Riptide
operation
attribution
Attributing Entity
FBI
authority
financial
Americans
20,000,000,000
americans
general metric
Percent
26
percent
financial
Victims
150,000,000
victims
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.