Alleged Phobos Ransomware Administrator Extradited to the U.S. to Face 13-Count Indictment
The suspected administrator of the Phobos ransomware operation has been arrested and extradited to the United States where he faces a 13-count indictment. If found guilty he could spend the rest of his life in jail. Evgenii Ptitsyn, 42, a Russian national, is alleged to have administered the sale, distribution, and operation of Phobos ransomware. According to court documents, Ptitsyn and his co-conspirators are alleged to have started providing affiliates with Phobos ransomware in November 2020 to allow them to encrypt files on compromised networks and extort ransom payments. Ptitsyn is alleged to have used the monikers derxan and zimmermanx on cybercriminal forums to recruit affiliates to the operation.
Affiliates would access victims’ networks using compromised credentials, find and exfiltrate sensitive data, then encrypt files and demand payment. Victims were subsequently threatened by telephone and email with exposure of the stolen data to pressure them into paying. The Phobos ransomware operation claimed more than 1,000 victims worldwide, including hospitals, schools, and non-profit organizations. U.S. victims included a federally recognized tribe, three Maryland-based healthcare providers, a Pennsylvania-based healthcare company, two public school systems in California and Connecticut, and an Illinois-based contractor for the U.S. Department of Defense and the U.S. Department of Energy.
When ransom payments were made to the affiliates’ cryptocurrency wallets, the affiliates transferred the agreed percentage of each payment to the Phobos administrator’s cryptocurrency wallet, which the Department of Justice alleges was controlled by Ptitsyn. While individual ransom payments averaged around $54,000, relatively low compared to the demands of some other ransomware gangs, the operation generated more than $16 million in ransom payments in total.
Ptitsyn was extradited from South Korea to the United States, where he faces five counts of causing intentional damage to protected computers, five counts of hacking-related extortion, and one count each of wire fraud conspiracy, wire fraud, and conspiracy to commit computer fraud and abuse. If convicted, Ptitsyn faces up to 20 years in prison for each of the wire fraud counts, up to 10 years in prison for each of the hacking counts, and up to 5 years in prison for the conspiracy to commit computer fraud and abuse count.
It took an international effort to identify Ptitsyn and secure his arrest and extradition. The FBI’s Baltimore Field Office investigated the case, and the Office of International Affairs at the Department of Justice worked with the U.S. Department of Defense Cyber Crime Center and law enforcement partners in South Korea, Japan, Spain, Belgium, Poland, the Czech Republic, France, Romania, the United Kingdom, and Europol. “We know it takes strong partnerships to disrupt cybercriminal networks, and the FBI must thank our partners for the important roles they play in carrying out this mission. The extradition announced today would not have been possible without their assistance,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.