Phobos Ransomware Admin as Part of International Hacking Operation

The U.S. Department of Justice unsealed criminal charges today against Evgenii Ptitsyn, a 42-year-old Russian national accused of being a key figure in the notorious Phobos ransomware syndicate.

Ptitsyn was extradited from South Korea and made his initial appearance in the U.S. District Court for the District of Maryland on November 4.

Phobos ransomware has been linked to over 1,000 cyberattacks on public and private entities worldwide, resulting in more than $16 million in ransom payments from victims, according to prosecutors.

The ransomware specifically targeted critical sectors, including schools, hospitals, government agencies, and businesses, leaving a trail of encrypted data and financial devastation.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Deputy Attorney General Lisa Monaco emphasized the collaborative effort in Ptitsyn’s capture: “Thanks to the tireless work of law enforcement agencies across multiple countries, we’ve brought an alleged cybercriminal to justice.”

Monaco highlighted the importance of international partnerships in combating the growing ransomware threat.

Phobos Ransomware’s Global Reach

According to the report from the US Dep. of. Justice, Ptitsyn, operating under online pseudonyms such as “derxan” and “zimmermanx,” allegedly coordinated the sale and distribution of Phobos ransomware to criminal affiliates.

These affiliates would infiltrate victim networks, steal sensitive data, and encrypt files, demanding large ransom payments for decryption keys. Failure to pay often led to threats of public exposure of the stolen files.

Principal Deputy Assistant Attorney General Nicole M. Argentieri stressed the scale of the operation: “Ptitsyn and his co-conspirators extorted millions from victims globally. This indictment reflects our unwavering commitment to holding ransomware actors accountable.”

Ptitsyn faces a 13-count indictment, including charges of wire fraud conspiracy, computer fraud, and extortion.

If convicted, he could face up to 20 years in prison for each count of wire fraud and 10 years for each hacking-related charge. A federal judge will determine sentencing based on U.S. Sentencing Guidelines.

The FBI’s Baltimore Field Office has spearheaded the investigation, with international law enforcement agencies from South Korea, Europe, and beyond playing pivotal roles in Ptitsyn’s arrest and extradition.

This case marks a critical victory in the U.S. government’s ongoing fight against global cybercrime.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free