Ukrainian extradited from Ireland pleads guilty in Conti ransomware case

A Ukrainian national extradited from Ireland has pleaded guilty in one of the clearest U.S. attempts yet to keep pressure on the people behind Conti, the ransomware network that prosecutors say spread across 47 states, the District of Columbia, Puerto Rico and 31 foreign countries. Oleksii Oleksiyovych Lytvynenko, 44, admitted to conspiracy to commit wire fraud and faces sentencing on September 10.

The Justice Department said Lytvynenko joined Conti in September 2021 and helped a criminal enterprise that infected more than 1,000 computers and networks worldwide. Federal officials have said the group generated at least $150 million in ransom payments, while CISA and the FBI warned in 2021 that they had observed more than 400 Conti attacks on U.S. and international organizations. The State Department later described Conti as the most damaging ransomware strain ever documented.

Lytvynenko’s case shows how the U.S. is trying to chase ransomware actors even after their brands fade. Prosecutors said he was arrested in Ireland in July 2023 at the request of the United States and detained while extradition moved forward. By the time he appeared in U.S. proceedings in October 2025, prosecutors said he was living in Cork, Ireland and had allegedly continued cybercrime until days before his arrest.

The plea also ties Conti’s economics to specific victims. Prosecutors said Lytvynenko held data on 12 victims, including eight in the United States, and developed malware used in some attacks. Court filings also alleged that he controlled stolen data and helped write ransom notes deployed on victims’ systems. In the Middle District of Tennessee, the conspiracy extorted more than $500,000 in cryptocurrency from two victims, and stolen data from a third was published after that victim refused a $3 million ransom demand.

Conti publicly shut down in 2022 after internal leaks, but parts of the operation splintered into successor groups, a reminder that ransomware cases often hit interchangeable operators rather than ending the underlying market. Still, the extradition from Ireland, the guilty plea and the pending sentence show a steady U.S. strategy: charge the participants, work with foreign police such as An Garda Síochána, and keep building cases against transnational crews that depend on borders, aliases and cryptocurrency trails to keep moving.