Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland has pleaded guilty in the U.S. to conspiracy charges for his role in the Conti ransomware operation.
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. The U.S. Department of Justice announced Thursday that 44-year-old Oleksii Oleksiyovych Lytvynenko pleaded guilty to conspiracy to commit wire fraud for his role in Conti ransomware attacks conducted between 2021 and 2022.
According to prosecutors, Lytvynenko and his co-conspirators deployed Conti ransomware on victim networks in the United States and abroad, stealing data and encrypting devices to extort Bitcoin ransom payments. The DOJ stated that Lytvynenko admitted to joining the Conti conspiracy in approximately September 2021 and possessing data stolen from eight U.S. victims and four overseas victims. He also admitted to joining a team run by another Conti conspirator, where he worked on coding a "loader," a type of malware used to load software needed to carry out attacks.
The Conti ransomware operation was one of the most prolific cybercrime groups active at the time, targeting hospitals, businesses, schools, and government agencies worldwide. Court documents state that Conti targeted more than 1,000 victims worldwide and collected over $150 million in ransom payments. The group emerged from the Ryuk cybercrime group and was closely tied to the TrickBot malware syndicate.
The guilty plea follows Lytvynenko's extradition from Ireland to the United States after his arrest in July 2023. Lytvynenko now faces a maximum sentence of 20 years in prison. The Conti ransomware gang became notorious for large-scale attacks against healthcare organizations, governments, and enterprises before shutting down in 2022, following the leak of its internal chats and increased law enforcement pressure.
Security researchers believe former Conti members later splintered into other ransomware groups, including BlackCat, Black Basta, ZEON, Hive, Quantum, BlackByte, Karakurt, and the Silent Ransom Group. In September 2023, the U.S. and the United Kingdom also sanctioned and charged nine Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations for attacks against more than 900 victims worldwide.
This guilty plea marks another significant step in holding Conti operatives accountable, though many of the group's core members remain at large. The case underscores the international reach of ransomware investigations and the ongoing efforts to dismantle the infrastructure that enabled one of the most damaging cybercrime campaigns in history.
The guilty plea, entered in federal court on June 12, 2026, reveals that Lytvynenko admitted to developing malware for Conti and holding data on 12 victims, including eight U.S.-based entities. The FBI estimates the group extorted over $150 million globally, with Lytvynenko specifically involved in extorting approximately $634,000 in Bitcoin from two Tennessee victims, including an undisclosed government entity. He faces up to 20 years in prison at sentencing scheduled for September 10, 2026, and remains in federal custody in Tennessee after being extradited from Ireland in October 2025.