Ukrainian Conti Ransomware Affiliate Pleads Guilty in U.S. After Extradition
A 44-year-old Ukrainian national, Oleksii Oleksiyovych Lytvynenko, has pleaded guilty in the U.S. for his role in the Conti ransomware operation, one of the most prolific cybercrime groups active during the pandemic. Extradited from Ireland in October 2025, Lytvynenko admitted to conspiracy to commit wire fraud, acknowledging his involvement in attacks that targeted over 1,000 computers and networks globally between 2020 and 2022.
According to the U.S. Department of Justice, Conti’s ransomware campaigns affected victims across 47 U.S. states, the District of Columbia, Puerto Rico, and 31 foreign countries, including businesses and organizations of varying sizes. The FBI estimates that victims paid at least $150 million in ransoms by early 2022, with the group employing a standard extortion model encrypting files, stealing data, and threatening to leak sensitive information if demands were not met.
Lytvynenko, who joined the conspiracy in September 2021, admitted to handling stolen data from eight U.S. victims and four international targets. Court documents reveal he worked under a Conti member’s direction to develop a "loader," a tool used to deploy additional malicious software during attacks.
His sentencing is scheduled for September 10, 2026, where he faces a maximum of 20 years in prison, though the final penalty will be determined by a federal judge.
The case is part of Operation Riptide, an FBI initiative targeting cybercrime infrastructure and financial networks behind ransomware and online fraud. The operation follows a broader U.S. crackdown on ransomware gangs, including recent guilty pleas from two Americans linked to the ALPHV (BlackCat) group and another Ukrainian national involved in the Nefilim ransomware scheme.
Source: https://hackread.com/extradited-ukrainian-admits-conti-ransomware-attacks/
Conti LLC cybersecurity rating report: https://www.rankiteo.com/company/conti-llc
"id": "CON1781367832",
"linkid": "conti-llc",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'location': '47 U.S. states, District of Columbia, '
'Puerto Rico, and 31 foreign countries',
'size': 'Varying sizes',
'type': 'Businesses and organizations'}],
'attack_vector': 'Malicious software deployment (loader tool)',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High (threatened to leak)',
'type_of_data_compromised': 'Sensitive data'},
'description': 'A 44-year-old Ukrainian national, Oleksii Oleksiyovych '
'Lytvynenko, has pleaded guilty in the U.S. for his role in '
'the Conti ransomware operation. He admitted to conspiracy to '
'commit wire fraud, acknowledging his involvement in attacks '
'that targeted over 1,000 computers and networks globally '
'between 2020 and 2022. Lytvynenko handled stolen data from '
'eight U.S. victims and four international targets and '
"developed a 'loader' tool to deploy additional malicious "
'software during attacks.',
'impact': {'data_compromised': 'Sensitive data stolen and threatened to be '
'leaked',
'financial_loss': '$150 million (estimated ransom payments)',
'systems_affected': 'Over 1,000 computers and networks globally'},
'investigation_status': 'Closed (guilty plea)',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_paid': '$150 million (estimated)',
'ransomware_strain': 'Conti'},
'references': [{'source': 'U.S. Department of Justice'},
{'source': 'FBI (Operation Riptide)'}],
'regulatory_compliance': {'legal_actions': 'Conspiracy to commit wire fraud '
'(guilty plea)'},
'response': {'law_enforcement_notified': 'Yes (FBI, U.S. Department of '
'Justice)'},
'threat_actor': 'Conti ransomware group',
'title': 'Ukrainian Conti Ransomware Affiliate Pleads Guilty in U.S. After '
'Extradition',
'type': 'Ransomware'}