A Ukrainian national has pleaded guilty to his role in the Conti ransomware operation, one of the most prolific cybercrime campaigns in recent years. The U.S. Department of Justice announced that Oleksii Oleksiyovych Lytvynenko, 44, admitted to participating in a conspiracy that deployed Conti ransomware against more than 1,000 victims worldwide, resulting in at least $150 million in ransom payments.
Lytvynenko entered his guilty plea after being extradited from Ireland to the United States. He pleaded guilty to participating in a wire fraud conspiracy connected to the ransomware scheme that targeted organizations across the United States and dozens of other countries.
Conti Ransomware Targeted Victims Worldwide
According to court documents, the Conti ransomware group carried out attacks between 2020 and 2022, compromising computers and networks in 47 U.S. states, the District of Columbia, Puerto Rico, and 31 foreign countries.
Investigators allege that members of the operation gained unauthorized access to victim networks, encrypted critical data, and demanded ransom payments in exchange for restoring access. Victims were also threatened with public exposure of stolen information if they refused to pay.
The FBI estimates that, by January 2022, the ransomware campaign had generated at least $150 million in ransom proceeds, making Conti one of the most financially damaging ransomware operations ever investigated by U.S. authorities.
Assistant Attorney General A. Tysen Duva said the defendants used the ransomware variant to terrorize businesses and individuals globally, causing extensive financial losses and operational disruption.
Defendant Admitted Role in Malware Development
Court filings show that Lytvynenko joined the conspiracy no later than September 2021. He admitted to possessing stolen data belonging to eight U.S. victims and four international victims whose information had been compromised by members of the group.
Authorities also stated that he worked as part of a team directed by another Conti conspirator and assisted in developing a malware “loader.” Such tools are commonly used to deploy malicious software and execute additional attacks on compromised systems.
The admission provides investigators with further insight into the technical infrastructure behind the Conti ransomware operation and the roles played by individual members within the criminal enterprise.
International Cooperation Led to Arrest and Extradition
The case highlights the growing collaboration between international law enforcement agencies in combating cybercrime. U.S. authorities worked alongside multiple Irish agencies, including the Irish Department of Justice, Home Affairs and Migration, the Office of the Attorney General, and the Garda National Cyber Crime Bureau to secure Lytvynenko’s arrest and extradition.
Assistant Director Brett Leatherman of the FBI Cyber Division described the guilty plea as an important step toward holding cybercriminals accountable for the damage caused to victims around the world.
The U.S. Secret Service also emphasized that international borders would not prevent authorities from pursuing individuals involved in ransomware operations. Officials said the case demonstrates a continued commitment to identifying and prosecuting every member of organized cybercriminal networks.
Part of Broader Operation Riptide Crackdown
The prosecution forms part of Operation Riptide, an ongoing FBI initiative targeting criminal actors, infrastructure, and financial networks involved in cyber-enabled crime and fraud.
According to the Department of Justice, Americans reported more than $20 billion in cybercrime-related losses last year, representing a 26% increase from the previous year. Through Operation Riptide, authorities are focusing on dismantling ransomware groups, fraud operations, and other transnational cybercriminal organizations responsible for significant financial harm.
Lytvynenko faces a maximum sentence of 20 years in federal prison. He is scheduled to be sentenced on September 10, 2026. A federal judge will determine the final sentence after considering federal sentencing guidelines and other statutory factors.
The investigation was led by the FBI’s San Diego, Nashville, and El Paso field offices, alongside the U.S. Secret Service. Prosecutors noted that the case remains part of a broader effort to identify and prosecute additional individuals linked to the Conti ransomware conspiracy.
