Evgenii Ptitsyn Extradited to U.S. for Phobos Ransomware
The Justice Department charges Russian hacker Evgenii Ptitsyn as the administrator of a ransomware-as-a-service organization extorting millions from victims
Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.
Russian National Extradited for Phobos Ransomware Attacks
Evgenii Ptitsyn, a 42-year-old Russian national, has been extradited from South Korea to the United States to face charges for his alleged role as an administrator of the Phobos ransomware. Ptitsyn appeared in the U.S. District Court in Maryland on November 4th, 2024, facing charges for his cyber criminal activities that included extorting over $16 million from over 1,000 victims in the U.S. alone. The arrest is a significant victory for international law enforcement agencies working to combat the growing threat of ransomware attacks.
Ptitsyn was also known as “derxan” and “zimmermanx” in his cybercriminal activities. If convicted, Ptitsyn could face significant prison time: up to 20 years for each wire fraud count, 10 years for computer hacking, and five years for conspiracy.
The Phobos ransomware is a type of malware that encrypts a victim's files, making them inaccessible until a ransom is paid. The Justice Department alleges that Ptitsyn and his co-conspirators developed the Phobos ransomware and offered access to other criminals, or “affiliates,” in exchange for fees from successful ransomware attacks.
Once a victim’s systems were infected with the Phobos ransomware and the victim paid a ransom, criminal affiliates paid fees to Phobos administrators like Ptitsyn for the decryption key needed to regain access to the encrypted files.
These attacks, which began as far back as 2020, targeted a wide range of victims, including schools, hospitals, government agencies, and enterprises globally.
Charges Against Ptitsyn
Ptitsyn is facing a 13-count indictment that includes:
Wire fraud conspiracy
Wire fraud
Conspiracy to commit computer fraud and abuse
Four counts of causing intentional damage to protected computers
Four counts of extortion in relation to hacking
If convicted on all counts, Ptitsyn faces a maximum penalty of 20 years in prison for each wire fraud count, 10 years for each computer hacking count, and 5 years for conspiracy to commit computer fraud and abuse.
International Collaboration Leads to Arrest
Ptitsyn's extradition results from a collaborative effort between law enforcement agencies in multiple countries, including South Korea, the United States, the United Kingdom, Japan, Spain, Belgium, Poland, the Czech Republic, France, and Romania. This case highlights the importance of international cooperation in combating cybercrime, which often transcends national borders.
It also illustrates the extent to which international law enforcement agencies and the United States will hold hackers accountable, no matter where in the world they are.
This case is a major step forward in the fight against ransomware and a reminder of the importance of international cooperation in combating this growing threat.
Phobos Ransomware: Finally on the decline
Phobos ransomware is a particularly insidious form of malware because it often targets organizations that provide essential services, such as healthcare and education. The disruption caused by these attacks can significantly impact ordinary people's lives. In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned that Phobos was targeting state and local government services.
We’ve been tracking Phobos at @RecordedFuture for years, including affiliates and related groups. (Looking at you, 8Base.)
We recently identified a significant drop in Phobos submissions to Malware Intelligence, with 8Base stalling entirely last month.
We have an explanation.
— Alexander Leslie (@aejleslie)
7:37 PM • Nov 18, 2024
Cybersecurity researchers have noted a recent decline in Phobos activity, possibly related to Ptitsyn's arrest. Alexander Leslie, a threat intelligence analyst for Recorded Future, observed a significant drop in Phobos activity and a complete stall in the operations of 8Base ransomware, which used a variant of Phobos.
Today’s Cyber Wall of Shame
Veterans’ data is a valuable target to our adversaries. The United States Department of Veterans Affairs must do better.
Veterans’ data is one of our most cherished assets.
But, VA seems to be reactive not proactive when it comes to cybersecurity.
Today @HouseVetAffairs TM subcommittee hearing, I asked our witness if we provide their budget request, will our cyber issues go away?
My full line of… x.com/i/web/status/1…
— Congressman Morgan Luttrell (@RepLuttrell)
4:08 PM • Nov 20, 2024
Until next time…
Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog