Ukrainian National Pleads Guilty to Wire Fraud Conspiracy in Connection with Conti Ransomware

Conti Attacked Over 1,000 Victims, Resulting in at least $150 Million in Ransom Payments Following his extradition from Ireland, Oleksii Oleksiyovych Lytvynenko, 44, a Ukrainian national, pleaded guilty on Wednesday to conspiracy to commit wire fraud in connection with a conspiracy to deploy Conti, a ransomware variant that infected more than 1,000 computers and networks worldwide. “This guilty plea is a powerful reminder that cybercriminals — whether acting alone or as part of a larger group — cannot hide behind their keyboards or international borders,” said Acting Special Agent in Charge Andrew Forrest of the U.S. Secret Service (USSS) Criminal Investigative Division. “While this individual played a role in a group responsible for significant harm, this guilty plea demonstrates our commitment to tracking down every member of these criminal networks. The Secret Service will continue to work with our partners here and around the world to disrupt ransomware operations and ensure those responsible are held accountable.” According to court documents, Lytvynenko, of Cork, Ireland, conspired with others to deploy Conti ransomware to extort victims and steal their data. Court filings allege the conspirators hacked into victims’ computers and networks, encrypted data, and demanded a ransom to restore the victims’ access to their files and to avoid public disclosure of the stolen information. From 2020 until 2022, Conti was used to attack computers and networks in 47 states, 31 foreign countries, as well as the District of Columbia and Puerto Rico. The FBI estimates that, as of January 2022, Conti ransomware attacks resulted in at least $150 million in ransom payments. Lytvynenko admitted to joining the Conti conspiracy no later than approximately September 2021. He admitted to possessing data from eight U.S. and four overseas victims which had been stolen by Conti conspirators. Lytvynenko further admitted to joining a team run by a Conti conspirator during which time Lytvynenko was directed to work on coding a “loader,” which is typically a type of malware, or malicious software, that is used to load programs necessary to execute other malicious attacks. Lytvynenko pleaded guilty to conspiracy to commit wire fraud. He is scheduled to be sentenced on Sept. 10, 2026, and faces a maximum penalty of 20 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors. In September 2023, an indictment charging four other Conti conspirators was unsealed in the Middle District of Tennessee.