Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme

Ukrainian national Oleksii Lytvynenko pleaded guilty in the U.S. for his role in Conti ransomware attacks targeting victims worldwide.

Oleksii Oleksiyovych Lytvynenko (44), a Ukrainian national extradited from Ireland to the U.S., has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. Prosecutors said he helped conduct attacks between 2021 and 2022, during which victims’ systems were encrypted, data was stolen, and Bitcoin ransom payments were demanded from organizations in the U.S. and other countries.

According to the DoJ, the Conti ransomware variant infected more than 1,000 computers and networks worldwide.

Court documents say Oleksii Lytvynenko, based in Cork, Ireland, worked with others in the Conti ransomware group to hack victims’ networks, encrypt files, and demand ransom payments in exchange for restoring access and not leaking stolen data.

Between 2020 and 2022, Conti attacks hit systems across 47 U.S. states, 31 countries, the District of Columbia, and Puerto Rico. The FBI estimates that at least $150 million in ransom payments were made by January 2022.

Lytvynenko admitted to joining the group around September 2021. He acknowledged holding stolen data from multiple victims in the U.S. and abroad. He also worked on developing malware components, including a “loader” used to deliver other malicious tools during attacks.

“He admitted to possessing data from eight U.S. and four overseas victims which had been stolen by Conti conspirators. Lytvynenko further admitted to joining a team run by a Conti conspirator during which time Lytvynenko was directed to work on coding a “loader,” which is typically a type of malware, or malicious software, that is used to load programs necessary to execute other malicious attacks.” reads the press release published by DoJ.

Oleksii Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in the Conti ransomware operation. He is scheduled to be sentenced on September 10, 2026, and faces up to 20 years in prison. The final sentence will be determined by a federal judge after considering U.S. sentencing guidelines and other statutory factors.

In September 2023, four other Conti conspirators were indicted in Tennessee. The FBI and U.S. Secret Service are investigating, with DOJ prosecutors handling the case.

“Lytvynenko’s guilty plea is a significant step toward holding cyber criminals accountable for the damage they inflict on victims worldwide,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “Lytvynenko profited from fear and coercion, conspiring to use Conti ransomware to extort victims and steal their data. This case demonstrates that the FBI and our partners will relentlessly pursue those responsible for cybercrimes, regardless of where they operate, and bring them to justice.”

Conti emerged from the Ryuk gang and was closely linked to the TrickBot malware operation. The group became known for attacks on healthcare organizations, governments, and businesses before shutting down operations in 2022 after internal chats were leaked and law enforcement pressure increased.

Pierluigi Paganini

(SecurityAffairs – hacking, Conti Ransomware)