A Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. In June 2021, Stryzhak allegedly became an affiliate of the Nefilim ransomware operation in exchange for 20% of any ransom payments he generated from attacks.

According to the U.S. Department of Justice, Stryzhak allegedly participated in ransomware attacks that targeted high-revenue companies, primarily in the United States, Norway, France, Switzerland, Germany, and the Netherlands. "In one exchange with Stryzhak in or about July 2021, a Nefilim administrator encouraged him to target companies in these countries with more than $200 million in annual revenue," reads the DOJ's press release. Stryzhak and his co-conspirators researched potential targets using online platforms to gather information about a company's revenue, size, and contact details.

The Nefilim ransomware launched in 2020, sharing much of its code with the Nemty ransomware. When conducting attacks, Nefilim affiliates breach corporate networks, steal data, and then encrypt devices using the ransomware encryptor. The ransomware encrypted files using AES-128 encryption and appended the ".NEFILIM" file extension to encrypted files. Ransom notes named "NEFILIM-DECRYPT.txt" were created throughout the device's file system, warning that stolen data would be leaked within seven days if negotiations were not started. Some companies hit by Nefilim attacks include Toll Group, Orange, and Whirlpool.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 01 May 2025 19:45:09 +0000