A Russian man who allegedly served as an administrator of the Phobos ransomware that’s extorted millions of dollars from more than a thousand victims is in U.S. custody, the Justice Department said Monday.

South Korea extradited Evgenii Ptitsyn, 42, to the United States for a court appearance Nov. 4, according to a news release about an unsealed 13-count indictment.

The Phobos ransomware has extorted over $16 million from more than 1,000 victims worldwide, including schools, hospitals, government agencies and large corporations, DOJ said. The department chalked up the arrest to international team-ups.

“The Justice Department is committed to leveraging the full range of our international partnerships to combat the threats posed by ransomware like Phobos,” said Deputy Attorney General Lisa Monaco. “Evgenii Ptitsyn allegedly extorted millions of dollars of ransom payments from thousands of victims and now faces justice in the United States thanks to the hard work and ingenuity of law enforcement agencies around the world — from the Republic of Korea to Japan to Europe and finally to Baltimore, Maryland.”

Ptitsyn faces charges of wire fraud, wire fraud conspiracy, conspiracy to commit computer fraud and abuse, as well as four counts of extortion in relation to hacking and four counts of causing intentional damage to protected computers.

Along with his co-conspirators, Ptitsyn — who was known by the online handles “derxan” and “zimmermanx” at times — developed Phobos and offered access to the ransomware to other criminals in exchange for fees from successful ransomware attacks.

Those attacks began as far back as four years ago, and drew a warning from the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation in February that Phobos was targeting state and local government services.

The ransomware is both “pretty standard” and noted for its small ransom demands, according to cybersecurity researchers.

Another researcher said the arrest makes sense in light of recent data about Phobos and 8Base ransomware operators that used a variant of Phobos.

“We recently identified a significant drop” in Phobos activity, Alexander Leslie, threat intelligence analyst for Recorded Future, said on X, “with 8Base stalling entirely last month.

“We have an explanation,” he wrote on the social media platform.

The post Alleged Russian Phobos ransomware administrator extradited to U.S., in custody appeared first on CyberScoop.
