A Conti Ransomware Defendant Pleaded Guilty After a Scheme Tied to $150 Million in Ransoms

A Ukrainian national extradited from Ireland has pleaded guilty in a U.S. ransomware case tied to Conti, one of the most damaging cybercrime operations of the early 2020s.

Oleksii Oleksiyovych Lytvynenko, 44, pleaded guilty to conspiracy to commit wire fraud, according to the Justice Department. DOJ said Conti ransomware infected more than 1,000 computers and networks worldwide and generated at least $150 million in ransom payments.

The plea does not close the larger Conti story. Prosecutors said the ransomware was used from 2020 until 2022 against victims in 47 states, 31 foreign countries, the District of Columbia, and Puerto Rico.

The case shows how U.S. prosecutors are still working through the human network behind a ransomware brand that encrypted files, stole data, and pressured victims to pay so their systems could be restored and their information would not be released.

DOJ Says Conti Hit More Than 1,000 Victims

According to court documents summarized by DOJ, Lytvynenko, of Cork, Ireland, conspired with others to deploy Conti ransomware to extort victims and steal their data. Prosecutors said the conspirators hacked into victims’ computers and networks, encrypted files, and demanded ransom payments to restore access and prevent stolen information from being publicly released.

The FBI estimated that, as of January 2022, Conti ransomware attacks had resulted in at least $150 million in ransom payments. DOJ said Conti was used against victims across the United States and overseas before the operation’s known activity ended in 2022.

He Admitted Joining The Conspiracy In 2021

Lytvynenko admitted that he joined the Conti conspiracy no later than about September 2021, according to DOJ. He also admitted that he possessed data stolen by Conti conspirators from 12 victims, including eight in the United States and four overseas.

DOJ said Lytvynenko joined a team run by another Conti conspirator and was directed to work on coding a “loader,” a type of malware used to load programs needed to execute other malicious attacks.

The Loader Detail Shows How Ransomware Cases Reach Beyond The Final Attack

Ransomware cases often focus on the moment victims lose access to files. The loader detail points to a different part of the operation: the tools and support work that can help prepare an attack before a ransom note appears.

A loader can help deliver or run other malicious programs inside a victim’s system.

Access brokers, coders, operators, money movers, negotiators, and affiliates can all help the larger scheme function, even if they do not all perform the same job.

The Plea Followed Extradition From Ireland

Lytvynenko was extradited from Ireland before the guilty plea. DOJ said Irish authorities, including the Irish Department of Justice, Home Affairs, and Migration, the Irish Office of the Attorney General, and the Garda National Cyber Crime Bureau, helped secure his arrest and extradition.

The FBI’s San Diego, Nashville, and El Paso field offices and the U.S. Secret Service are investigating the case. The prosecution is being handled by the Justice Department’s Computer Crime and Intellectual Property Section and the U.S. Attorney’s Office for the Middle District of Tennessee.

DOJ also noted that a September 2023 indictment charging four other Conti conspirators had previously been unsealed in the Middle District of Tennessee.

He Faces Up To 20 Years

Lytvynenko is scheduled to be sentenced Sept. 10, 2026. He faces a maximum penalty of 20 years in prison, though the final sentence will be decided by a federal judge after reviewing the U.S. Sentencing Guidelines and other statutory factors.

The case is part of Operation Riptide, an FBI campaign targeting criminal actors, infrastructure, and financial networks behind cybercrime, cyber-enabled crime, and fraud. DOJ said Americans reported more than $20 billion in cybercrime losses last year, a 26% single-year increase.