Polish authorities have arrested a 47-year-old man suspected of links to the notorious Phobos ransomware group during a coordinated international crackdown known as Operation Aether.

The suspect was detained in the Małopolska region by officers from Poland’s Central Bureau of Cybercrime Control (CBZC), with support from units in Katowice and Kielce.

During a search of the suspect’s residence, investigators supervised by the District Prosecutor’s Office in Gliwice seized computers and mobile phones containing stolen credentials, passwords, credit card numbers, and server IP addresses. Authorities said the data could be used to gain unauthorized access to computer systems and launch ransomware attacks. Police also determined that the suspect communicated with members of the Phobos cybercrime organization using encrypted messaging applications.

The suspect now faces charges under Article 269b of Poland’s Criminal Code for producing, acquiring, and distributing hacking tools designed to unlawfully obtain information from IT systems. If convicted, he could face up to five years in prison.

Operation Aether, coordinated by Europol, has targeted multiple individuals linked to the Phobos ransomware ecosystem, including backend infrastructure operators and affiliates responsible for network intrusions and data encryption. In November 2024, the alleged Phobos administrator was extradited to the United States. In February 2025, authorities seized 27 servers and arrested two suspected affiliates in Thailand, significantly disrupting the group’s operations.

Phobos, a ransomware-as-a-service operation derived from the Crysis ransomware family, has been responsible for widespread attacks on businesses globally. The U.S. Justice Department previously linked the group to more than 1,000 breaches worldwide, with ransom payments exceeding $16 million. In July 2025, Japanese police released a free decryptor for Phobos and 8Base ransomware, helping victims recover their files without paying ransom.


Law enforcement agencies say Operation Aether has not only weakened the group’s infrastructure but also helped warn hundreds of companies worldwide about ongoing or imminent ransomware threats.
