Conti Ransomware Group Member Pleads Guilty to Participating in Global Attacks
A longtime former member of the Conti ransomware group, Oleksii Oleksiyovych Lytvynenko, also known as Alexsey Alexseevich Litvinenko, pleaded guilty to participating in some of the group's attacks in federal court, according to the Justice Department. Lytvynenko admitted to joining the group in September 2021 and holding data on 12 victims, including eight based in the United States.
The 44-year-old told the court he developed malware that Conti used in some of its attacks, according to officials. The Justice Department said Lytvynenko and his co-conspirators used the ransomware to attack more than 1,000 victims globally, ensnaring victims in 47 states, Washington, Puerto Rico, and about 31 countries.
Damage and Extortion
The FBI estimates Conti extorted more than $150 million in ransom payments from victims. Lytvynenko and his co-conspirators used the ransomware to terrorize people and businesses in the United States and around the world, causing millions of dollars in damage, according to A. Tysen Duva, assistant attorney general of the Justice Department's criminal division.
Lytvynenko pleaded guilty to conspiracy to commit wire fraud and faces up to 20 years in prison upon sentencing, which is scheduled for Sept. 10. He was arrested in Ireland in July 2023, extradited to the United States in October 2025, and remains in federal custody in Tennessee where at least three of his victims are based.
Conti Ransomware Group's Impact
Conti was among the most prolific ransomware groups globally, impacting hundreds of critical infrastructure providers, Costa Rica's government in 2022, and ultimately leading the State Department to offer a $10 million reward for information related to Conti's leaders. The group was notoriously resilient, bouncing back with new infrastructure and hitting new targets after a massive leak exposed chats between the group's members in 2022.
Conti disbanded later that year, but members of the Cyrillic-language group rebranded under three subgroups: Zeon, Black Basta, and Quantum, which quickly rebranded to Royal, before rebranding again to BlackSuit in 2024.
Law Enforcement Response
Lytvynenko's guilty plea is a significant step toward holding cyber criminals accountable for the damage they inflict on victims worldwide, according to Brett Leatherman, assistant director of the FBI's cyber division. Lytvynenko profited from fear and coercion, conspiring to use Conti ransomware to extort victims and steal their data.
Four of Lytvynenko's alleged co-conspirators — Maksim Galochkin, Maksim Rudenskiy, Mikhail Mikhailovich Tsarev, and Andrey Yuryevich Zhuykov — were indicted in 2023 in the same federal court for crimes related to their suspected involvement in Conti attacks from 2020 to 2022.
- Lytvynenko and his co-conspirators extorted about $634,000 in Bitcoin from two victims in Tennessee, including an undisclosed government entity that resulted in the compromise of a sheriff's department, local emergency medical services, and a local police department.
- According to an indictment that was unsealed last fall, Lytvynenko and his co-conspirators also leaked data they stole from another Tennessee-based victim after it refused to pay a $3 million ransom demand.
Authorities said Lytvynenko engaged in cybercrime after Conti disbanded and its members splintered off into new groups, adding that he was asleep but within arms' reach of an open laptop running Cobalt Strike at the time of his arrest.
The defendant and his conspirators used the Conti ransomware to terrorize people and businesses in the United States and around the world, causing millions of dollars in damage. - A. Tysen Duva, assistant attorney general of the Justice Department's criminal division
Lytvynenko's guilty plea marks a significant milestone in the efforts of law enforcement to hold cyber criminals accountable for their actions and to disrupt the operations of ransomware groups like Conti.
Source: CyberScoop