New fugitive uploaded to EU Most Wanted list for major ransomware attacks

A high-value cybercrime suspect has been added to the EU Most Wanted list. The individual, a Ukrainian national, is believed to be a leading figure in an organised crime network responsible for the 2019 ransomware attack against a major Norwegian aluminium company, as well as a series of other global cyber-attacks.

The fugitive is wanted by several countries and is considered a top priority target for international law enforcement. The U.S. Department of Justice (DOJ) has announced a reward of up to USD 10 million for information leading to his arrest.

The identification of the suspect follows a complex international investigation, supported by Europol, into this ransomware network causing global damages worth billions. The case has involved close cooperation between investigators in France, Germany, the Netherlands, Norway, Switzerland, Ukraine, the United Kingdom and the United States together with Europol and Eurojust.

As part of this investigation, several members of the criminal network have already been arrested in Ukraine. Law enforcement has mapped the structure of the group, identifying actors at every level – from malware developers and intrusion specialists to money launderers responsible for handling the illicit proceeds.

The wanted fugitive deployed the LockerGoga ransomware to carry out his attacks.

Europol will continue to support the international search for the fugitive and calls on the public to check the EU Most Wanted website and share any information that could help law enforcement bring this individual to justice.