OP 19 November, 2024 - 03:28 AM
The U.S. Department of Justice unsealed charges against 42-year-old Russian national Evgeniy Ptitsyn , who is accused of leading the sales, distribution, and operations of the Phobos ransomware . Ptitsyn made his initial court appearance in the U.S. District Court for the District of Maryland on November 4 after being extradited from South Korea. Phobos , through its affiliates, targeted more than 1,000 public and private entities in the U.S. and around the world, extorting more than $16 million in ransoms .
Deputy Attorney General Lisa Monaco said, “ The Department of Justice is committed to leveraging all international partnerships to combat the threat posed by ransomware like Phobos . Evgeniy Ptitsyn allegedly extorted millions of dollars from thousands of victims and will now face justice in the United States thanks to the hard work and resourcefulness of law enforcement agencies around the world — from the Republic of Korea to Japan, Europe, and now to Baltimore, Maryland. Together with our partners around the world, we will continue to hold cybercriminals accountable and protect innocent victims ."
"Phobos Targeted Schools, Hospitals, and Critical Infrastructure"
Nicole M. Argentieri , Principal Deputy Assistant Attorney General and head of the Justice Department's Criminal Division, said: "Ptitsyn and his co-conspirators operated the Phobos ransomware ring, which targeted more than 1,000 victims worldwide ." She said the group targeted not only large corporations, but also schools, hospitals, nonprofits, and even a federally recognized tribe , extorting more than $16 million .
U.S. Attorney for the District of Maryland Eric L. Barron said, “It’s only a matter of time before these cybercriminals are caught and brought to justice .” He added that the indictment against Ptitsyn demonstrates the U.S. Attorney’s Office for the District of Maryland’s commitment to bringing cybercriminals to justice and collaborating with the private sector and academia to disrupt their activities.
According to the indictment, beginning in November 2020 , Ptitsyn and others conspired to conduct an international computer hacking and extortion scheme that harmed organizations around the world using Phobos .
Ptitsyn and his co-conspirators developed and provided access to Phobos.other criminals, or “affiliates,” who used it to encrypt victims’ data and extort ransoms. They operated a darknet website where they coordinated the sales and distribution of Phobos , and used online aliases such as “derxan” and “zimmermanx” to advertise their services on criminal forums.
Affiliates would infiltrate victims’ networks, often using stolen or illegally obtained credentials, steal the data, and encrypt it with Phobos . Once encrypted, the attackers would demand ransom payments through notes and communications with the victims, threatening to release the stolen files if the ransom was not paid.
Following successful attacks, affiliates would pay Ptitsyn for decryption keys by transferring funds to unique cryptocurrency wallets. From December 2021 to April 2024, payments were transferred to a wallet controlled by Ptitsyn.
Ptitsyn is charged with 13 counts , including conspiracy to commit wire fraud, computer fraud, and extortion. If convicted, he faces up to 20 years in prison for each count of wire fraud and up to 10 years in prison for each count of computer fraud.
The FBI and the Justice Department thanked their partners in South Korea , Europol , and law enforcement agencies in Japan, the United Kingdom, Spain, France, and other countries for their assistance with the extradition and investigation.
Deputy Attorney General Lisa Monaco said, “ The Department of Justice is committed to leveraging all international partnerships to combat the threat posed by ransomware like Phobos . Evgeniy Ptitsyn allegedly extorted millions of dollars from thousands of victims and will now face justice in the United States thanks to the hard work and resourcefulness of law enforcement agencies around the world — from the Republic of Korea to Japan, Europe, and now to Baltimore, Maryland. Together with our partners around the world, we will continue to hold cybercriminals accountable and protect innocent victims ."
"Phobos Targeted Schools, Hospitals, and Critical Infrastructure"
Nicole M. Argentieri , Principal Deputy Assistant Attorney General and head of the Justice Department's Criminal Division, said: "Ptitsyn and his co-conspirators operated the Phobos ransomware ring, which targeted more than 1,000 victims worldwide ." She said the group targeted not only large corporations, but also schools, hospitals, nonprofits, and even a federally recognized tribe , extorting more than $16 million .
U.S. Attorney for the District of Maryland Eric L. Barron said, “It’s only a matter of time before these cybercriminals are caught and brought to justice .” He added that the indictment against Ptitsyn demonstrates the U.S. Attorney’s Office for the District of Maryland’s commitment to bringing cybercriminals to justice and collaborating with the private sector and academia to disrupt their activities.
According to the indictment, beginning in November 2020 , Ptitsyn and others conspired to conduct an international computer hacking and extortion scheme that harmed organizations around the world using Phobos .
Ptitsyn and his co-conspirators developed and provided access to Phobos.other criminals, or “affiliates,” who used it to encrypt victims’ data and extort ransoms. They operated a darknet website where they coordinated the sales and distribution of Phobos , and used online aliases such as “derxan” and “zimmermanx” to advertise their services on criminal forums.
Affiliates would infiltrate victims’ networks, often using stolen or illegally obtained credentials, steal the data, and encrypt it with Phobos . Once encrypted, the attackers would demand ransom payments through notes and communications with the victims, threatening to release the stolen files if the ransom was not paid.
Following successful attacks, affiliates would pay Ptitsyn for decryption keys by transferring funds to unique cryptocurrency wallets. From December 2021 to April 2024, payments were transferred to a wallet controlled by Ptitsyn.
Ptitsyn is charged with 13 counts , including conspiracy to commit wire fraud, computer fraud, and extortion. If convicted, he faces up to 20 years in prison for each count of wire fraud and up to 10 years in prison for each count of computer fraud.
The FBI and the Justice Department thanked their partners in South Korea , Europol , and law enforcement agencies in Japan, the United Kingdom, Spain, France, and other countries for their assistance with the extradition and investigation.