
Russian Phobos Ransomware Operator Extradited to US

Evgenii Ptitsyn was extradited from South Korea to the US to face charges for his alleged involvement in administering the Phobos ransomware.

A Russian national allegedly involved in administering the Phobos ransomware appeared in court in the US after being extradited from South Korea.

The man, Evgenii Ptitsyn, 42, was allegedly involved in the development of Phobos, and oversaw the sale, distribution, and operations of the ransomware, an indictment unsealed by the US Department of Justice shows.

Starting in November 2020, the indictment claims, Ptitsyn conspired with others to create and offer Phobos under the ransomware-as-a-service (RaaS) model, in which affiliates used Phobos to encrypt victims’ data and demand ransom payments.

The sale and distribution of the ransomware were coordinated using a Tor-based website, while the RaaS was advertised on dark web cybercrime forums and messaging platforms.

Phobos affiliates, DoJ says, hit over 1,000 organizations in the US and abroad, extorting more than $16 million from their victims.

After gaining access to a victim’s network, often using stolen credentials, the attackers copied files of interest and then deployed Phobos to encrypt the data. Victims were asked to pay a ransom in exchange for the decryption keys and threatened with having the stolen data made public.

According to the DoJ, Phobos’ affiliates paid fees to the RaaS administrators such as Ptitsyn. The payments were directed to cryptocurrency wallets unique to each affiliate and then transferred to a wallet controlled by Ptitsyn.

Ptitsyn is charged with 13 counts of wire fraud and wire fraud conspiracy, computer fraud and abuse conspiracy, computer hacking, and extortion. He could be sentenced to 20 years in prison for each wire fraud count, 10 years for computer hacking, and five years for extortion.


In March this year, CISA, the FBI, and MS-ISAC issued a joint alert on Phobos, warning government, education, emergency services, healthcare, and other critical infrastructure sectors of its continuous attacks.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
