top of page
  • Clipeus

Mogilevich: A New Ransomware Operation

On February 20, 2024, amidst global headlines reporting an international law enforcement task force's successful takeover of the LockBit leak site, a new ransomware operation emerged. The group goes by the name 'Mogilevich.'

Mogilevich Leak Site (Accessed On February 21, 2024)

The ransomware operation does not claim any affiliation with nation states; however, the very name Mogilevich recalls a Russian connection. The name may reference Semion Mogilevich, a Ukraine-born national of Russia, Ukraine and Israel with an alleged criminal history. According to a recent press release of the United States FBI. Open sources suggest Semion Mogilevich may be linked to RosUkrEnergo, a Switzerland-based gas distributor with connections across Eastern Europe, and corporate ties with the Russian giant Gazprom. According to press sources, before his passing, the former KGB officer Alexander Litvinenko claimed Semion Mogilevich held close ties with the current Russian establishment.

So far the Mogilevich group listed one victim in the United States.

Intelligence available on this actor is presently very limited. We will keep monitoring the actor and share relevant intelligence when appropriate.


If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page