In the shadowy world of cybercrime, a new “most wanted” figure has emerged: 28-year-old Ukrainian Vladimir Timoshchuk, with a staggering $10 million reward offered by the U.S. Federal Bureau of Investigation (FBI) for information leading to his arrest. This young mastermind is a key player in an international hacking network responsible for wreaking havoc on hundreds of companies worldwide, causing losses estimated at billions of dollars. From paralyzing a Norwegian aluminum giant to targeting American corporations, his malware has left a trail of destruction across Europe and the United States. Who is this “cyber phantom,” and why are the world’s top law enforcement agencies hunting him? We dive into the details of this high-profile case that exposes the fragility of global digital infrastructure.
Vladimir Viktorovich Timoshchuk, born in 1996 in Ukraine, is no ordinary hacker. Known in the cyber underworld by aliases such as “deadforz,” “Boba,” “msfv,” “Deforba,” and “Farnet Network,” he is considered a mastermind behind a sophisticated criminal syndicate specializing in ransomware attacks.
According to the FBI and the U.S. Department of Justice, Timoshchuk orchestrated operations that, between 2018 and 2021, targeted hundreds of companies, inflicting tens of millions in damages in the U.S. alone. Globally, Europol estimates the group’s activities caused a staggering $18 billion in losses—an amount surpassing the GDP of many nations.
Timoshchuk’s journey to infamy began in Ukraine, where he allegedly assembled a team of malware developers, hackers, and money launderers. A confessed accomplice, Artem Stryzhak, revealed to investigators that the group deliberately targeted major corporations with annual revenues exceeding $100 million. “We went after big fish to maximize profits,” Stryzhak admitted, shedding light on the inner workings of the syndicate. This was no amateur operation but a meticulously organized enterprise with clearly defined roles, from coding malware to negotiating ransoms.
Arsenal of Terror: LockerGoga, MegaCortex, and Nefilim—Viruses That Crippled the World
At the heart of Timoshchuk’s criminal empire are three devastating ransomware strains: LockerGoga, MegaCortex, and Nefilim (also known as NetWalker in some variants). These malicious programs infiltrated corporate networks, encrypted critical data, and demanded hefty ransoms for decryption. Between 2018 and 2021, they struck over 200 U.S. companies and hundreds more worldwide, disrupting operations and sowing chaos.
One of the most notorious incidents was the 2019 attack on Norsk Hydro, a major Norwegian aluminum company, where LockerGoga crippled production, forcing the company to resort to manual operations. The attack caused millions in damages and halted parts of the company’s operations. “It was digital terrorism: factories shut down, workers in panic, and hackers laughing behind screens with ransom demands,” cybersecurity experts commented. Similar attacks left traces across France, Germany, the Netherlands, and Switzerland, where Europol documented numerous incidents. The group targeted everything from healthcare institutions to industrial giants, exploiting vulnerabilities in critical sectors.
According to the U.S. Department of Justice, the syndicate didn’t just attack—it evolved, refining its malware for maximum impact. “This isn’t a teenager’s hobby but a professional criminal organization with a clear hierarchy,” the FBI noted. In total, over 500 victims worldwide, many of whom paid ransoms in cryptocurrency to avoid total collapse, fell prey to the group’s schemes.
Charges and the Hunt: From the U.S. to Europe
The U.S. Department of Justice has charged Timoshchuk with serious offenses, including conspiracy to commit computer fraud, intentional damage to protected systems, unauthorized access, and extortion. The indictment was unsealed in May 2024 in the Eastern District of New York, and on September 9, 2025, the U.S. State Department announced the reward. The total bounty stands at $11 million: $10 million for Timoshchuk and up to $1 million for information on other syndicate leaders.
The FBI believes Timoshchuk may be hiding in Poland, Romania, Moldova, Turkey, Russia, or Belarus—countries with porous borders or complex extradition processes. “He’s a ghost, but we’ll find him,” the FBI insists. The international investigation has already led to arrests of several syndicate members in Ukraine, where authorities mapped out the group’s structure, identifying roles from developers to money launderers. Europol and the FBI are collaborating closely, sharing intelligence on attacks across Europe.
Implications: Why This Case is a Wake-Up Call for the World
As Timoshchuk remains at large, his syndicate continues to evolve, posing new cyber threats. Experts warn that ransomware is not a relic of the past but a growing danger with the potential to target critical infrastructure. “The $18 billion in damages isn’t just a number—it’s shattered businesses, lost jobs, and a threat to national security,” analysts from the Organized Crime and Corruption Reporting Project (OCCRP) emphasize.
This case underscores the vulnerability of the global economy: from Norway to the U.S., no one is immune. For Ukraine, it’s a double blow—a nation fighting external aggression now linked to cybercrime. Will Timoshchuk be caught? The $10 million bounty is a powerful incentive, but hackers are adept at vanishing into the dark web. Stay tuned: this story is far from over.