Geisinger: Ryuk ransomware’s initial access expert extradited to the U.S. from Ukraine

Ryuk Ransomware Affiliate Extradited to U.S. After Global Cyberattacks

In a coordinated international operation, a 33-year-old man linked to the Ryuk ransomware group was extradited to the U.S. from Ukraine on June 18, 2025. The suspect, arrested in Kyiv in April at the FBI’s request, specialized in gaining initial access to corporate networks and is accused of participating in attacks targeting companies across France, Norway, Germany, the Netherlands, Canada, and the U.S.

Ukrainian cyber police, alongside the National Police and global law enforcement partners, launched the investigation in 2023 following a wave of ransomware incidents tied to the group. The extradition marks a significant step in disrupting Ryuk’s operations, which have long been associated with high-profile cyber extortion campaigns.

The case underscores the persistent threat of ransomware gangs and the growing collaboration between nations to counter cybercrime. No further details on the suspect’s identity or the specific companies affected have been disclosed.

Source: https://databreaches.net/2025/06/19/ryuk-ransomwares-initial-access-expert-extradited-to-the-u-s-from-ukraine/

Geisinger cybersecurity rating report: https://www.rankiteo.com/company/geisinger

"id": "GEI1767779516",
"linkid": "geisinger",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'location': 'France', 'type': 'Corporate'},
                       {'location': 'Norway', 'type': 'Corporate'},
                       {'location': 'Germany', 'type': 'Corporate'},
                       {'location': 'Netherlands', 'type': 'Corporate'},
                       {'location': 'Canada', 'type': 'Corporate'},
                       {'location': 'USA', 'type': 'Corporate'}],
 'attack_vector': 'Initial Access Broker',
 'date_publicly_disclosed': '2025-06-18',
 'description': 'A 33-year-old foreign man, a member of the Ryuk ransomware '
                'operation specializing in gaining initial access to corporate '
                'networks, was arrested in Kyiv in April 2025 and extradited '
                'to the United States on June 18. The suspect was involved in '
                'ransomware attacks on companies in France, Norway, Germany, '
                'the Netherlands, Canada, and the USA.',
 'initial_access_broker': {'entry_point': 'Corporate networks'},
 'investigation_status': 'Ongoing (suspect extradited to U.S.)',
 'motivation': 'Financial Gain',
 'ransomware': {'ransomware_strain': 'Ryuk'},
 'references': [{'date_accessed': '2025-06-18',
                 'source': 'National Police of Ukraine',
                 'url': 'https://databreaches.net/feed/'},
                {'date_accessed': '2025-06-18',
                 'source': 'DataBreaches.net',
                 'url': 'https://databreaches.net'}],
 'regulatory_compliance': {'legal_actions': 'Extradition to U.S. for '
                                            'prosecution'},
 'response': {'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'International law enforcement '
                                        'partners (FBI, Ukrainian cyber '
                                        'police, National Police)'},
 'threat_actor': 'Ryuk Ransomware Operation',
 'title': 'Ryuk Ransomware Initial Access Broker Extradited to U.S.',
 'type': 'Ransomware'}