A 42-year-old Russian national, Evgenii Ptitsyn, has been extradited from South Korea to the United States to face charges related to his alleged role in administering the Phobos ransomware operation.
The Justice Department unsealed a 13-count indictment against Ptitsyn, accusing him of overseeing the sale, distribution, and functioning of the Phobos ransomware strain.
Phobos ransomware, through its affiliates, is alleged to have victimized more than 1,000 public and private entities worldwide, extorting over $16 million in ransom payments.
The targets included a wide range of organizations, such as government agencies, healthcare facilities, educational institutions, and critical infrastructure.
The Justice Department noted that Ptitsyn began offering access to Phobos in November 2020 to “affiliates,” allowing them to encrypt victims’ data and demand ransom payments in exchange for decryption keys.
The ransomware operation functioned as a “ransomware-as-a-service” (RaaS) platform, with Ptitsyn allegedly acting as an administrator facilitating ransomware sales, distribution, and support for affiliates.
The charges against Ptitsyn include wire fraud, conspiracy to commit computer fraud, intentional damage to protected computers, and extortion related to hacking.
If convicted, he could face up to 20 years in prison for each wire fraud count and 10 years for each computer hacking offense.
Deputy Attorney General Lisa Monaco praised the international collaboration that led to Ptitsyn’s arrest and extradition, highlighting the efforts of law enforcement agencies from South Korea, Europe, Japan, and the United States. The case underscores the Justice Department’s commitment to combating the global threat of ransomware through international partnerships.
Ptitsyn made his initial appearance in the U.S. District Court for the District of Maryland on November 4, following his extradition from South Korea. The FBI’s Baltimore Field Office led the investigation, supported by Europol and the Department of Defense Cyber Crime Center.
This case represents a significant achievement in the ongoing fight against cybercrime, demonstrating the effectiveness of international cooperation in bringing alleged ransomware operators to justice.
As threat actors continue to target various sectors, law enforcement agencies worldwide are intensifying their efforts to disrupt these operations and hold them responsible.